Consultant, Application Security Penetration Tester

What You'll Do

• Perform application security assessments using penetration testing, threat modeling, and code review techniques.
• Identify and remediate security vulnerabilities in web applications, APIs, cloud environments, and enterprise systems.
• Conduct API security testing (SOAP, REST, GraphQL) and evaluate authentication/authorization mechanisms.
• Analyze network security controls, including firewalls, SSL/TLS, encryption, and VPN configurations.
• Collaborate with development teams to integrate security into the Secure Development Life Cycle (SDLC).
• Conduct code reviews across various languages to identify security flaws and vulnerabilities.
• Work with cloud security testing methodologies and ensure compliance with security standards.
• Provide clear, well-written reports with actionable recommendations.
• Consult with clients to explain findings, address security concerns, and provide remediation guidance.
• Support mentorship and knowledge sharing within the team.
• Lead and support penetration testing projects from start to finish.
• Contribute to thought leadership through blog posts, conference talks, and R&D initiatives.
• Stay up to date with security policies, industry best practices, and emerging threats.

What You'll Bring

• A sense of humor and a good collection of memes and GIFs!
• Strong knowledge of OWASP Top 10 and ability to explain vulnerabilities and attack vectors.
• Hands-on experience with web application security testing and exploits.
• Proficiency in Linux, VMWare, and GitHub for security assessments.
• Working knowledge of popular web technologies like .NET, Java EE, Node.js, Rails, or JavaScript.
• Familiarity with code scanning and dynamic analysis tools.
• Expertise in API security testing and protocol handling.
• Experience working with cloud security principles (AWS, GCP, Azure).
• Understanding of IAM policies and security configurations in cloud environments.
• Strong problem-solving and critical-thinking skills.
• Ability to work independently and collaborate with teams effectively.
• Strong time management and ability to meet deadlines.
• Excellent verbal and written communication skills - able to explain findings to technical and non-technical stakeholders.
• Open to constructive feedback and continuous learning.
• A passion for mentorship and knowledge sharing.
• A client-centric mindset with a high level of professionalism and collaboration.
• Bachelor’s degree (four-year college or university) or equivalent combination of education and work experience.

Bonus Points

• Experience with AWS security concepts (IAM, STS, security controls, serverless architectures).
• Hands-on experience with AWS services like S3, SQS, SNS, Lambda, and API Gateway.
• Familiarity with DevSecOps, CI/CD security, and infrastructure automation.
• Experience in mobile security (iOS/Android) and IoT testing.
• Deep understanding of network and host-based penetration testing methodologies.
• AWS Cloud Practitioner
• AWS Certified Security - Specialty
• Offensive Security Certified Professional (OSCP)