Penetration Tester


$55.00
Intermediate

Penetration Tester

Location: Westlake, TX
Duration: 3-6 months
Rate: $45-65/hr

Overview

We are seeking a highly skilled Penetration Tester to assess the security of web applications, APIs, and related infrastructure. The ideal candidate will have hands-on experience in identifying, documenting, and exploiting security vulnerabilities while collaborating with development teams to improve security posture. This role requires expertise in both manual and automated penetration testing, scripting, and secure coding best practices.

Key Responsibilities

• Conduct manual and automated penetration testing of web applications, APIs, and related infrastructure.
• Identify, document, and exploit security vulnerabilities such as SQL injection, XSS, authentication flaws, and business logic issues.
• Perform source code reviews to uncover security flaws in web applications.
• Utilize industry-standard tools such as Burp Suite, OWASP ZAP, Metasploit, Nmap, Kali Linux, and SAST/DAST tools.
• Develop and execute custom scripts and exploits to validate security weaknesses.
• Collaborate with development and DevSecOps teams to provide secure coding recommendations and remediation guidance.
• Generate detailed reports with findings, risk assessments, and actionable remediation steps for both technical and non-technical stakeholders.
• Stay up to date with the latest web security trends, vulnerabilities, and attack techniques.
• Perform retesting of vulnerabilities after remediation efforts.
• Assist in threat modeling and risk assessments for web applications.

Tools & Technologies

Web Application Security Testing Tools:
• Burp Suite (Pro & Community), WebInspect

Network & Reconnaissance Tools:
• Nmap, Masscan, Amass, Subfinder/Assetfinder, Shodan/Censys

Exploitation & Attack Tools:
• SQLmap (SQL injection testing), Metasploit Framework

Scripting & Automation:
• Python / Bash / PowerShell
• JavaScript (for DOM-based attacks and exploitation)
• Postman / REST API testing tools

Code Analysis & Debugging:
• Source Code Review (Java, .NET, Python, JavaScript, etc.)
• Static Analysis Tools (SAST): SonarQube, Snyk, Fortify
• Dynamic Analysis Tools (DAST): Acunetix, BurpSuite

Cloud & Container Security:
• AWS Security Tools (Pacu, ScoutSuite, Prowler)
• Docker Security Testing (Trivy, Dockle)
• Kubernetes Security Testing (Kube-hunter, Kube-bench)

Qualifications & Skills

Technical Skills:
• Deep understanding of OWASP Top 10 vulnerabilities and web security principles.
• Proficiency in HTTP/HTTPS protocols, authentication mechanisms, session management, and API security.
• Experience with scripting (Python, Bash, PowerShell, JavaScript) for automation and exploit development.
• Familiarity with Cloud Security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a plus.
• Knowledge of Secure Software Development Life Cycle (SDLC) practices.

Certifications (Preferred but Not Required):
• OSCP (Offensive Security Certified Professional)
• GWAPT (GIAC Web Application Penetration Tester)
• CPT (Certified Penetration Tester)
• CEH (Certified Ethical Hacker)

Experience & Education:
• Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
• 2-5 years of experience in web application security, penetration testing, or ethical hacking

Keyword: cloud

Contractor Tier: Hourly: $45.00 - $65.00

Price: $55.0

 
