Job Description: We are looking for an experienced Web Application Penetration Tester to join our cybersecurity team, focusing on testing the security of the top 10 web applications used by the State of Arizona’s Department of Economic Security (ADES). You will be responsible for identifying vulnerabilities in web applications and working with a security team to provide insights and recommendations to the client.
Responsibilities:
Conduct web application penetration testing for both authenticated and unauthenticated systems.
Perform manual and automated testing to identify vulnerabilities such as SQL injection, XSS, CSRF, and more.
Use tools like Burp Suite, OWASP ZAP, and custom scripts to assess application security.
Provide detailed reports on findings, including recommendations for fixing vulnerabilities and improving application security.
Ensure that testing aligns with best practices like OWASP Top 10 and NIST guidelines.
Collaborate with the network and infrastructure testing team to provide a comprehensive security assessment.
Qualifications:
3+ years of experience in web application security testing.
Strong knowledge of OWASP Top 10 vulnerabilities and how to mitigate them.
Familiarity with tools like Burp Suite, OWASP ZAP, and other web security tools.
Experience with automated and manual testing techniques.
Certifications like OSCP, CEH, or equivalent are a plus.
Ability to communicate complex technical issues to non-technical stakeholders.
Screening Questions:
What experience do you have with testing web applications for vulnerabilities like SQL injection, cross-site scripting (XSS), or CSRF? Please provide specific examples.
What tools do you use for web application testing, and how do you determine the most effective tool for a given situation?
How do you approach reporting vulnerabilities and ensuring that your recommendations are actionable for development teams?
Have you worked with compliance standards (e.g., OWASP, NIST)? How do you ensure your testing meets these standards?
Application Submission Instructions:
Candidates must submit their resume along with answers to the provided screening questions. The screening questions will help assess the candidate’s depth of experience and technical expertise related to the scope of the project.