Penetration Testing, Test Automation, Security Analysis, U.S. National Institute of Standards and Technology (NIST), Security Vulnerabilities, OSINT (Open Source Intelligence), Applications Security, Internet Security, Java, Security Attacks,
- Bachelor’s degree in a related software field with 6+ years in a Dev Sec role.
Core Java coding experience. - Previous job background as an engineer and Dev Sec position on a large scale public enterprise scale application.
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Minimum of 6 years of Development/Security experience
- Experience in Penetration Testing/Ethical Hacking with a focus on Java application security.
- Strong knowledge of Java programming and its security practices as well as scripting experience.
- Proficiency in web application security principles (e.g., OWASP).
- Knowledge of common web vulnerabilities (e.g., SQL injection, XSS) and exploit techniques.
- Experience with penetration testing tools like Burp Suite, Metasploit.
- Familiarity with Fortify on Demand SAST and DAST tools.
- Strong understanding of cryptography and secure communication protocols (e.g., SSL/TLS).
- Excellent problem-solving and analytical skills.
- Strong communication skills.
- High ethical standards and confidentiality.
- Conduct penetration tests and vulnerability assessments for Java applications and infrastructure.
- Identify security flaws in Java code using automated and manual methods.
- Create and use custom exploits to test application security, simulating attacker tactics.
- Collaborate with Development teams to understand application architecture and find security weaknesses early.
- Collaborate with Testing teams to integrate with manual and automation testing.
- Provide guidance on secure coding and how to fix vulnerabilities.
- Stay updated on Java security threats and best practices.
- Help improve secure development processes (SDLC).
- Assist in responding to security incidents related to Java vulnerabilities, current published NIST CVE.
- Clearly document and report findings, including technical details, risk assessment, and recommended solutions.
- Communicate findings and recommendations to both technical and non-technical staff.
- Contribute to security policies for Java development and deployment.
- Manipulate URLs, query parameters and Application browser data to look for penetration avenues. Validate and asses’ browser tokens and cache manipulation and Production vs. none prod architecture.
- Familiar with MITRE ATT&CK Framework.
We are seeking a skilled Penetration Tester with a focus on Java application security is sought to identify, exploit, and fix vulnerabilities in Java applications to guard against cyber threats.