Penetration Tester (Java/ Ethical Hacking focus) - Hybrid - Contract to Hire
Onsite role in Albany, NY - two days per week Wednesday/Thursday + every other Friday
Overview:
A Penetration Tester with a focus on Java application security is sought to identify, exploit, and fix vulnerabilities in Java applications to guard against cyber threats.
Key Responsibilities:
ā¢ Conduct penetration tests and vulnerability assessments for Java applications and infrastructure.
ā¢ Identify security flaws in Java code using automated and manual methods.
ā¢ Create and use custom exploits to test application security, simulating attacker tactics.
ā¢ Collaborate with Development teams to understand application architecture and find security weaknesses early.
ā¢ Collaborate with Testing teams to integrate with manual and automation testing.
ā¢ Provide guidance on secure coding and how to fix vulnerabilities.
ā¢ Stay updated on Java security threats and best practices.
ā¢ Help improve secure development processes (SDLC).
ā¢ Assist in responding to security incidents related to Java vulnerabilities, current published NIST CVE.
ā¢ Clearly document and report findings, including technical details, risk assessment, and recommended solutions.
ā¢ Communicate findings and recommendations to both technical and non-technical staff.
ā¢ Contribute to security policies for Java development and deployment.
ā¢ Manipulate URLs, query parameters and Application browser data to look for penetration avenues. Validate and asses' browser tokens and cache manipulation and Production vs. none prod architecture.
ā¢ Familiar with MITRE ATT&CK Framework.
REQUIREMENTS:
ā¢ Bachelor's degree in Computer Science, Information Security, or a related field.
ā¢ Minimum of 6 years of Development/Security experience
ā¢ Experience in Penetration Testing/Ethical Hacking with a focus on Java application security.
ā¢ Strong knowledge of Java programming and its security practices as well as scripting experience.
ā¢ Core Java coding experience.
ā¢ Previous job background as an engineer and Dev Sec position on a large scale public enterprise scale application.
ā¢ Proficiency in web application security principles (e.g., OWASP).
ā¢ Knowledge of common web vulnerabilities (e.g., SQL injection, XSS) and exploit techniques.
ā¢ Experience with penetration testing tools like Burp Suite, Metasploit.
ā¢ Familiarity with Fortify on Demand SAST and DAST tools.
ā¢ Strong understanding of cryptography and secure communication protocols (e.g., SSL/TLS).
ā¢ Excellent problem-solving and analytical skills.
ā¢ Strong communication skills.
ā¢ High ethical standards and confidentiality.
Preferred Qualifications:
ā¢ Certifications such as OSCP, GWAPT, GXPN, GPEN, LPT, CEH, CISSP or other industry security certifications.
ā¢ Experience with scripting languages (e.g., Python, Bash).
ā¢ Experience with secure code review for Java.
ā¢ Familiarity with cloud security testing.
ā¢ Experience with mobile application penetration testing.
ā¢ Knowledge of regulations like HIPAA.
ā¢ Experience with API testing
Overview:
A Penetration Tester with a focus on Java application security is sought to identify, exploit, and fix vulnerabilities in Java applications to guard against cyber threats.
Key Responsibilities:
ā¢ Conduct penetration tests and vulnerability assessments for Java applications and infrastructure.
ā¢ Identify security flaws in Java code using automated and manual methods.
ā¢ Create and use custom exploits to test application security, simulating attacker tactics.
ā¢ Collaborate with Development teams to understand application architecture and find security weaknesses early.
ā¢ Collaborate with Testing teams to integrate with manual and automation testing.
ā¢ Provide guidance on secure coding and how to fix vulnerabilities.
ā¢ Stay updated on Java security threats and best practices.
ā¢ Help improve secure development processes (SDLC).
ā¢ Assist in responding to security incidents related to Java vulnerabilities, current published NIST CVE.
ā¢ Clearly document and report findings, including technical details, risk assessment, and recommended solutions.
ā¢ Communicate findings and recommendations to both technical and non-technical staff.
ā¢ Contribute to security policies for Java development and deployment.
ā¢ Manipulate URLs, query parameters and Application browser data to look for penetration avenues. Validate and asses' browser tokens and cache manipulation and Production vs. none prod architecture.
ā¢ Familiar with MITRE ATT&CK Framework.
REQUIREMENTS:
ā¢ Bachelor's degree in Computer Science, Information Security, or a related field.
ā¢ Minimum of 6 years of Development/Security experience
ā¢ Experience in Penetration Testing/Ethical Hacking with a focus on Java application security.
ā¢ Strong knowledge of Java programming and its security practices as well as scripting experience.
ā¢ Core Java coding experience.
ā¢ Previous job background as an engineer and Dev Sec position on a large scale public enterprise scale application.
ā¢ Proficiency in web application security principles (e.g., OWASP).
ā¢ Knowledge of common web vulnerabilities (e.g., SQL injection, XSS) and exploit techniques.
ā¢ Experience with penetration testing tools like Burp Suite, Metasploit.
ā¢ Familiarity with Fortify on Demand SAST and DAST tools.
ā¢ Strong understanding of cryptography and secure communication protocols (e.g., SSL/TLS).
ā¢ Excellent problem-solving and analytical skills.
ā¢ Strong communication skills.
ā¢ High ethical standards and confidentiality.
Preferred Qualifications:
ā¢ Certifications such as OSCP, GWAPT, GXPN, GPEN, LPT, CEH, CISSP or other industry security certifications.
ā¢ Experience with scripting languages (e.g., Python, Bash).
ā¢ Experience with secure code review for Java.
ā¢ Familiarity with cloud security testing.
ā¢ Experience with mobile application penetration testing.
ā¢ Knowledge of regulations like HIPAA.
ā¢ Experience with API testing