Jr. Penetration Tester

  • Contract

Job Description

Position Details:

Job Title: Jr. Penetration Tester

Location: Augusta, ME 04333

Duration: 12+ Months (Strong possibility for an extension)

Project Name: Web Application Security

This project is supporting deployment certification.

Job Description:

Contractors primary responsibility is to work with application/development customers, and vendors to detect, analyze and assist in security remediation activities with Client Web Applications. The candidate should also have a basic understanding of security principles around the availability, confidentiality and integrity of data.

Representative Tasks:

Runs Web application vulnerability software to detect security issues in web applications.

Analyzes output of web application test scans to determine valid security issues.

Meets with internal/external customers to analyze outputs from web application scans.

Recommends remediation and mitigation strategies of security issues in web applications to customers

Minimum Required Qualifications:

2 years’ experience performing system administration functions in a LAN/WAN environment.

2 years’ experience working with computer Operating Systems (Windows, Linux, Unix)

1-2 years’ experience working on Web hosting Platforms (IIS, Tomcat)

Basic understanding of HTML

Basic understanding of Java, Java Script

Required Experience/Skills:

Troubleshoot and solve complex technical computer or network issues.

Run automated Web application security test software.

Understanding of OWASP Top Ten vulnerabilities

Communicate effectively, write clearly, and present security concepts to non-technical audiences.

Perform research and be comfortable making recommendations to management on technical cyber security issues.

Develop and coordinate training programs involving security applications.

Detect and determine potentially serious cyber security hazards on the network.

Develop and manage user-oriented computing activities.

Document, author, and produce written test plans, test reports, operating instructions, standard operating procedures, and technical documentation.

Windows, Intermediate

UNIX/LINUX, Intermediate

Java, Beginner

PHP, Beginner

HTML, Intermediate

Manual Testing, Beginner

ATE, Beginner

JIRA, Beginner

Required Knowledge/Understanding:

Web Vulnerability/Risk assessment processes

OWASP top 10 vulnerabilities

Complex multi-user network systems.

Complex software applications on PC's, servers, and networks.

Operating systems on PC's and servers.

Ethernet networking, IP addressing and TCP/IP.

Proper computer system data security/backup procedures.

Additional Information

All your information will be kept confidential according to EEO guidelines.