Web Penetration Tester-Greenbelt, MD - Georgia IT Inc.
Greenbelt, MD
About the Job
Web Penetration Tester
Greenbelt, MD
12-18 Months Contract
Citizenship/Clearance Requirement: U.S. Citizen (Public Trust Preferred)
Role Description:
Use industry-standard and/or proprietary software to conduct penetration testing, including but not limited to Metasploit for automated penetration testing, and Burp Suite and Web Inspect for web application penetration testing
Test web services using automated web application scanning methodologies and tools (e.g. IBM AppScan, Client Web Inspect, Acunetix WVS, etc.)
Test web services using manual in-depth testing methodologies and tools (e.g. Burp Suite Pro, ZAP Proxy, IronWASP, etc.)
Research new threats, attack vectors, and risk
Analyze results of scans to identify threats and vulnerabilities, analyze controls planned or already in place, determine the likelihood that identified vulnerabilities may be exploited by testing exploitation, and provide an analysis which includes recommended remediation strategies for comprehensive security program improvements
Validate findings and research methods for mitigation when deemed necessary by the customer. This includes retesting findings to validate vulnerability remediation and/or gathering information to assist system owners with the mitigation of findings
4 years of overall IT experience
2 years of Penetration Testing experience
2 years of experience with testing and scanning tools like Nessus, Metasploit, NMAP, Burp Suite, and Web Inspect
Bachelor's Degree preferred
Required Skills:
- Web application testing experience that includes experience with attacks to identify common vulnerabilities such as SQL Injection, Cross Site Scripting, Cross Site Request Forgery, etc.
- Writing detailed test assessment reports
- Using, administering, and troubleshooting a major version of Linux
- Proven proficiency in performing extensive vulnerability assessment and penetration testing
- Knowledge of TCP/IP protocols and networking architectures
- Knowledge of open security testing standards and projects, including OWASP
- Knowledge of database, applications, and Web server design and implementation
- Knowledge and experience with diverse IT architectures and enterprise IT data centers, large-scale transaction processing environments, external hosted services and cloud computing environments
Source: Georgia IT Inc.