Job Description
Sr. Penetration Tester (Remote)
We have an immediate need for a contract Sr. Penetration Tester to join our client, a multi-billion dollar online payment organization. The Sr. Penetration Tester will have a strong background in cybersecurity, with specific expertise in conducting advanced penetration tests on web services and APIs to identify vulnerabilities and security flaws.
Location: Fully Remote
This job expects to pay about $ hourly plus benefits.
What You Will Do:
* Conduct comprehensive penetration tests on APIs, including RESTful and SOAP services, to identify vulnerabilities such as injection attacks, broken authentication, security misconfigurations, and data exposure.
* Develop and execute sophisticated testing strategies, scripts, and procedures for APIs, considering authentication, encryption, and access control mechanisms.
* Collaborate with development teams to provide guidance on how to secure APIs against common security threats and vulnerabilities identified during testing.
* Perform threat modeling and risk assessments for APIs to prioritize security issues based on potential impact.
* Stay up-to-date with the latest API security threats, vulnerabilities, and testing tools; incorporate this knowledge into penetration testing practices.
* Document findings from penetration tests, providing detailed technical reports and executive summaries that outline identified vulnerabilities, the potential impact, and recommended remediation strategies.
* Participate in the development of API security policies and guidelines to improve overall security posture.
* Mentor junior penetration testers and security team members, promoting best practices in API security.
* Work with security incident response teams to investigate and respond to security incidents involving APIs.
What Gets You The Job:
* Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
* Professional certifications such as OSCP (Offensive Security Certified Professional), GWAPT (GIAC Web Application Penetration Tester), or equivalent are highly desirable.
* Minimum of 5 years of experience in cybersecurity, with 3+ years focused on pen testing and API security.
* Strong understanding of API technologies (REST, SOAP, GraphQL) and security standards (OAuth, OpenID Connect, JWT).
* Proficient in using penetration testing tools and frameworks (such as Burp Suite, Postman, OWASP ZAP).
* Knowledge of programming and scripting languages (e.g., Python, JavaScript) is advantageous for developing custom testing scripts and tools.
* Excellent problem-solving skills, with the ability to think creatively about complex security challenges.
* Strong communication skills, with the ability to translate technical vulnerabilities into business risk terminology.
Irvine Technology Corporation (ITC) is a leading provider of technology and staffing solutions for IT, Security, Engineering, and Interactive Design disciplines servicing startups to enterprise clients, nationally. We pride ourselves in the ability to introduce you to our intimate network of business and technology leaders - bringing you opportunity coupled with personal growth, and professional development! Join us. Let us catapult your career!
Irvine Technology Corporation provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Irvine Technology Corporation complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
Job Tags
Hourly pay, Contract work, Local area, Immediate start, Remote job,