Description
Job Title: Web Penetration Tester
Location: Remote
Contract Type: Contract - 2/3 years
Job Description:
We are seeking a highly skilled and experienced Web Penetration Tester to join our team.
As a Web Penetration Tester, you will be responsible for assessing the security of web applications. Our primary objective will be to identify potential vulnerabilities and weaknesses that could be exploited by external attackers.
Responsibilities:
- Conduct external web security assessments of all Government Internet-facing web assets.
- Perform security testing using a "researcher mindset," aiming to identify weaknesses without compromising the target.
- Follow recognized web security testing methodologies, such as the OWASP testing guide.
- Employ a black-box approach, utilizing publicly available information and URLs of the target websites.
- Utilize various tools and techniques to identify vulnerabilities, including injection flaws, cross-site scripting (XSS), cross-site request forgery (CSRF), insecure direct object references, and others.
- Attempt to exploit identified vulnerabilities to assess their impact and potential for unauthorized access.
- Conduct password cracking to evaluate the strength of user credentials.
- Test and assess different components of web applications, such as authentication mechanisms, session management, input validation, error handling, and secure communications.
- Document all findings, including detailed descriptions of vulnerabilities, their potential impact, and recommendations for remediation.
- Prepare regular reports on executed activities, focusing on identified findings and suggested mitigations.
- Support the identification of recurring vulnerabilities and their root causes.
- Stay updated with the latest security trends, vulnerabilities, and attack techniques in the web application security domain.
- Strong experience in web application security testing and penetration testing.
- Extensive knowledge of web application vulnerabilities and associated security best practices.
- Familiarity with recognized web security testing methodologies, such as the OWASP testing guide.
- Proficiency in using penetration testing tools and frameworks.
- Ability to think like an external attacker and identify weaknesses without causing harm to the target systems.
- Strong understanding of authentication mechanisms, session management, input validation, and secure communications.
- Excellent documentation and reporting skills.
- Ability to work independently and collaboratively in a team environment.
- Security certifications, such as Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP), are highly desirable.
- Previous experience in conducting web security assessments for international organizations or governments is a plus.
- Standard working hours are Monday to Friday, 8:30 AM to 5:30 PM in the Central European Time zone.
- Occasional travel may be required.