Job Description
Job Title: Pen Tester Location: Salem, OR
Experience Level: 8+ Years (relevant)
PS – ONLY USC or GC
Key Responsibilities / Required Skills:
Experience in manual penetration testing, particularly in web and mobile applications.
Strong understanding of security frameworks like OWASP Top 10 and NIST Standards .
Proficiency in using security tools like Burp Suite, ZAP, Metasploit, Checkmarx, and AppScan .
Hands-on experience with DAST and SAST tools such as IBM AppScan, HP WebInspect , and Acunetix for vulnerability assessments.
Practical experience with AWS services (EC2, S3, KMS, RDS) and security best practices relevant to cloud environments.
Familiar with Azure cloud security architecture, VNets , and Azure DevOps pipelines.
Proficient in Python, Perl, PHP, Java , and Objective C for security testing and code reviews.
Knowledge of core networking concepts like routing, ACLs, SSL/TLS, TCP protocols, and load balancing strategies.
Experience in building and assessing API security frameworks and secure coding practices for web apps.
Deep experience in implementing Secure Software Development Life Cycle (S-SDLC) processes, ensuring security across development, testing, and production phases.
Active participation in platforms like Hack the Box, Portswigger Academy , or Capture the Flag (CTF) challenges.
Passion for discovering new vulnerabilities and security exploits.
Excellent written and verbal communication skills to clearly articulate security risks and remediation strategies.
Familiar with common technology stacks such as LAMP, LEMP, and MEAN , as well as secure coding practices for these environments.
Conduct penetration testing on web and mobile applications, identifying critical vulnerabilities and collaborating with development teams to resolve them.
Implement and maintain Application Security Programs ( DAST & SAST ), ensuring all applications follow security best practices.
Lead security scoping calls with stakeholders, outline security risks, and develop remediation plans.
Perform code reviews to detect vulnerabilities and enforce secure coding standards, especially in Java, Python , and Objective C .
Utilize tools such as Burp Suite and Checkmarx for security testing, as well as manual testing for identifying issues like XSS, SQLi, CSRF , etc.
Provide feedback on application architecture regarding network security, SSL/TLS configurations , and cloud security best practices .
Stay updated on emerging security vulnerabilities, develop API security strategies , and integrate security controls into the CI/CD pipeline .
Certifications : Desired certifications include OSCP, OSWA, CEH , or relevant SANS certifications
Job Tags
Similar Jobs
Wagner Subaru
THIS IS NOT THE TRADITIONAL CAR DEALERSHIP ENVIRONMENT!!! Check out our Google reviews for yourself. Are you outgoing and like creating... ...time doing it? We are looking for people to join our pre-owned sales team! Wagner Subaru is the 9th oldest Subaru dealer in the US! We...
Denali Water Solutions LLC
...Class A Retail Route Driver - Woodbine, MD Elevate your career as a CDL driver with Denali... ...day by routing determined by the Company. Delivery equipment ranges from 30-45' open-top dump trailers (combination vehicles) across a regional footprint determined by management...
Ashland Hills Hotel
...About the Role: Seasonal Banquet Server The Banquet Server plays a crucial role in ensuring that events hosted at Ashland Hills F&B are executed flawlessly, providing an exceptional dining experience for guests. This position involves setting up banquet rooms, serving...
Gulf Relay
...Role Description As an Operations Trainee, you will have the opportunity to learn the logistics industry from the ground up. Throughout training, you will have the chance to learn the ins and outs of our Fleet Manager roles. After completing our 90 day training program...
Bvlgari
...Role: Security Agent Role Overview: The Store Security Agent is a key member of... ...clientele is highly desirable. Luxury Asset Protection Expertise Candidates with a... ...within a luxury retail environment. Executive Protection Training (a plus) Background...