Jr. Penetration Tester

Position Details:

Job Title: Jr. Penetration Tester

Location: Augusta, ME 04333

Duration: 12+ Months (Strong possibility for an extension)

Project Name: Web Application Security

• This project is supporting deployment certification.

Job Description:

• Contractors primary responsibility is to work with application/development customers, and vendors to detect, analyze and assist in security remediation activities with Client Web Applications. The candidate should also have a basic understanding of security principles around the availability, confidentiality and integrity of data.

Representative Tasks:

• Runs Web application vulnerability software to detect security issues in web applications.

• Analyzes output of web application test scans to determine valid security issues.

• Meets with internal/external customers to analyze outputs from web application scans.

• Recommends remediation and mitigation strategies of security issues in web applications to customers

Minimum Required Qualifications:

• 2 years’ experience performing system administration functions in a LAN/WAN environment.

• 2 years’ experience working with computer Operating Systems (Windows, Linux, Unix)

• 1-2 years’ experience working on Web hosting Platforms (IIS, Tomcat)

• Basic understanding of HTML

• Basic understanding of Java, Java Script

Required Experience/Skills:

• Troubleshoot and solve complex technical computer or network issues.

• Run automated Web application security test software.

• Understanding of OWASP Top Ten vulnerabilities

• Communicate effectively, write clearly, and present security concepts to non-technical audiences.

• Perform research and be comfortable making recommendations to management on technical cyber security issues.

• Develop and coordinate training programs involving security applications.

• Detect and determine potentially serious cyber security hazards on the network.

• Develop and manage user-oriented computing activities.

• Document, author, and produce written test plans, test reports, operating instructions, standard operating procedures, and technical documentation.

• Windows, Intermediate

• UNIX/LINUX, Intermediate

• Java, Beginner

• PHP, Beginner

• HTML, Intermediate

• Manual Testing, Beginner

• ATE, Beginner

• JIRA, Beginner

Required Knowledge/Understanding:

• Web Vulnerability/Risk assessment processes

• OWASP top 10 vulnerabilities

• Complex multi-user network systems.

• Complex software applications on PC's, servers, and networks.

• Operating systems on PC's and servers.

• Ethernet networking, IP addressing and TCP/IP.

• Proper computer system data security/backup procedures.

All your information will be kept confidential according to EEO guidelines.