Jr. Penetration Tester
- Contract
Job Description
Position Details:
Job Title: Jr. Penetration Tester
Location: Augusta, ME 04333
Duration: 12+ Months (Strong possibility for an extension)
Project Name: Web Application Security
• This project is supporting deployment certification.
Job Description:
• Contractors primary responsibility is to work with application/development customers, and vendors to detect, analyze and assist in security remediation activities with Client Web Applications. The candidate should also have a basic understanding of security principles around the availability, confidentiality and integrity of data.
Representative Tasks:
• Runs Web application vulnerability software to detect security issues in web applications.
• Analyzes output of web application test scans to determine valid security issues.
• Meets with internal/external customers to analyze outputs from web application scans.
• Recommends remediation and mitigation strategies of security issues in web applications to customers
Minimum Required Qualifications:
• 2 years’ experience performing system administration functions in a LAN/WAN environment.
• 2 years’ experience working with computer Operating Systems (Windows, Linux, Unix)
• 1-2 years’ experience working on Web hosting Platforms (IIS, Tomcat)
• Basic understanding of HTML
• Basic understanding of Java, Java Script
Required Experience/Skills:
• Troubleshoot and solve complex technical computer or network issues.
• Run automated Web application security test software.
• Understanding of OWASP Top Ten vulnerabilities
• Communicate effectively, write clearly, and present security concepts to non-technical audiences.
• Perform research and be comfortable making recommendations to management on technical cyber security issues.
• Develop and coordinate training programs involving security applications.
• Detect and determine potentially serious cyber security hazards on the network.
• Develop and manage user-oriented computing activities.
• Document, author, and produce written test plans, test reports, operating instructions, standard operating procedures, and technical documentation.
• Windows, Intermediate
• UNIX/LINUX, Intermediate
• Java, Beginner
• PHP, Beginner
• HTML, Intermediate
• Manual Testing, Beginner
• ATE, Beginner
• JIRA, Beginner
Required Knowledge/Understanding:
• Web Vulnerability/Risk assessment processes
• OWASP top 10 vulnerabilities
• Complex multi-user network systems.
• Complex software applications on PC's, servers, and networks.
• Operating systems on PC's and servers.
• Ethernet networking, IP addressing and TCP/IP.
• Proper computer system data security/backup procedures.
Additional Information
All your information will be kept confidential according to EEO guidelines.