Job Description
This is a 264-business-day contract. You must go into the office once a week in Detroit. Must be local to Michigan.
We are seeking a highly skilled and experienced Penetration Tester to join our team. The ideal candidate will have a strong background in cyber security, with expertise in performing penetration testing and vulnerability assessments. As a Penetration Tester, you will play a crucial role in establishing a cycle of scanning, reporting, and remediation to include BCBSM application and website stakeholders as part of our regularly scheduled Threat and Vulnerability Management process.
Top 3 Required Skills/Experience –
• Enterprise application penetration testing, with a strong understanding of OWASP Top 10 and CWE Top 25 vulnerabilities (e.g., XXE, XSS, SQLi).
• Manual penetration testing of Network & Web applications, and Web Services penetration testing (RESTful and SOAP).
• Familiarity with Web Authentication protocols (e.g., OAuth2, SAML, LDAP).
• Familiarity with Tenable Web Application Module, Acunetix and Synopsys.
Required Skills/Experience – The rest of the required skills/experience. Include:
• 3-5 years of experience in Penetration Testing, with a focus on dynamic web applications.
• Experience in development and/or code auditing is strongly preferred.
• Hands-on experience manually testing web applications and APIs, with a background in web application development and code auditing.
• Proficiency in AWS, Cloud Audit, Serverless, Microservice Architecture, and scripting languages (e.g. Java).
• Working knowledge of basic networking concepts, application architecture, and AWS services.
• Excellent verbal and written communication skills.
• Ability to exploit recognized vulnerabilities and discover new vulnerabilities.
• Hands-on experience with both white box and black box testing.
• CEH, OSCP or any security vendor certification is preferred.
Preferred Skills/Experience – Optional but preferred skills/experience. Include:
• Experience in testing business critical environments.
• Real-time traffic analysis, network IDS and packet dissection.
• Solid understanding of information security and applied cryptographic protocols.
• Good knowledge of security technologies for secure software development, such as cryptography and authentication techniques and protocols.
• Good understanding of tools and technologies for performing penetration testing.
We work with the best of the best! Join us today!