Job Title: Pen Tester

Location: Salem, OR

Experience Level: 8+ Years (relevant)

Key Responsibilities / Required Skills:

Certifications:

Desired certifications include OSCP, OSWA, CEH, or relevant SANS certifications.

• Experience in manual penetration testing, particularly in web and mobile applications.
• Strong understanding of security frameworks like OWASP Top 10 and NIST Standards.
• Proficiency in using security tools like Burp Suite, ZAP, Metasploit, Checkmarx, and AppScan.
• Hands-on experience with DAST and SAST tools such as IBM AppScan, HP WebInspect, and Acunetix

for vulnerability assessments.

• Practical experience with AWS services (EC2, S3, KMS, RDS) and securitybest practices relevantto cloud environments.
• Familiar with Azurecloud security architecture, VNets, and Azure DevOps pipelines.
• Proficient in Python, Perl, PHP, Java, and ObjectiveC for securitytesting and code reviews.
• Knowledge of core networking conceptslike routing, ACLs,SSL/TLS, TCP protocols, and load balancing strategies.
• Experience in buildingand assessing API securityframeworks and securecoding practices for web apps.
• Deep experience in implementing Secure SoftwareDevelopment Life Cycle (S-SDLC) processes, ensuring security across development, testing, and production phases.
• Active participation in platforms like Hack the Box, Portswigger Academy, or Capturethe Flag (CTF)
• challenges.
• Passion for discovering new vulnerabilities and security exploits.
• Excellent written and verbal communication skills to clearlyarticulate security risks and remediation strategies.
• Familiar with commontechnology stacks such as LAMP, LEMP, and MEAN,as well as secure coding practices for these environments.
• Conduct penetration testingon web and mobile applications, identifying criticalvulnerabilities and collaborating with development teams to resolve them.
• Implement and maintain Application SecurityPrograms (DAST & SAST), ensuringall applications follow security best practices.
• Lead securityscoping calls withstakeholders, outline securityrisks, and developremediation plans.
• Perform code reviews to detect vulnerabilities and enforce securecoding standards, especially in
• Java, Python, and ObjectiveC.
• Utilize tools such as Burp Suite and Checkmarx forsecurity testing, as well as manual testingfor identifying issues like XSS, SQLi, CSRF, etc.
• Provide feedback on application architecture regarding network security, SSL/TLS configurations, and cloud security best practices.
• Stay updated on emerging securityvulnerabilities, develop API security strategies, and integrate security controls into the CI/CD pipeline.