[Remote] Security Consultant II (Web Application Penetration Tester)
Note: The job is a remote job and is open to candidates in USA. NetSPI is a leader in Penetration Testing as a Service (PTaaS) and is seeking a skilled Security Consultant II to conduct thorough security assessments and identify vulnerabilities in web applications. The role involves delivering actionable reports and contributing to the development of security best practices to enhance clients' security posture.
Responsibilities
- Conduct penetration testing engagements on web applications and underlying APIs
- Create, deliver, and collaborate on penetration testing reports in diverse client environments, maintaining client-specific processes, reporting standards, and access protocols to help improve their security posture
- Research and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processes
- Perform administrative tasks related to day-to-day consulting activities to ensure smooth business and engagement operations
Skills
- Bachelor's degree or higher required, with a concentration in Computer Science, Engineering, Math, or IT preferred, or equivalent experience
- Minimum of 2-3 years of work experience in application penetration testing
- Familiarity with offensive tools, based on applicable skillset (e.g., Kali Linux, Burp Suite, Metasploit, Nessus)
- Familiarity with offensive and defensive IT concepts and protocols
- Extensive understanding of the OWASP Top 10 and various security frameworks
- Working knowledge of Windows, Linux and MacOS operating systems internals
- Ability to work independently and as part of a team
- Proficient communication skills, both written and verbal
- Willingness to travel up to 5-10%
- This position requires an 8-hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needs
- Experience mentoring or coaching to growing team members, while sharing knowledge externally through blogs, hosting webinars, or presenting at conferences
- Experience in one or more of the following programming or scripting languages (e.g., Ruby, Python, Perl, C, C++, Java, and C#)
- Offensive cybersecurity certifications (e.g., GXPN, GPEN, OSCP, CISSP, GWAPT)
Company Overview
Company H1B Sponsorship