Web Application Penetration Tester
Fairfax, VA / Telework

Tiber Creek Consulting, Inc. is seeking an experienced Web Application Penetration Tester to join our growing cybersecurity operations team in Fairfax, VA / Telework. The successful candidate demonstrates experience using PortSwigger Burp Suite Pro to perform dynamic web application penetration tests, including SQL injection, XSS, fuzz testing, and buffer overflow types of attacks (automated and manual). Additionally, experience using static code analyzer tools such as Fortify to review source code to identify targets for an attack, analyzing those targets for vulnerabilities, and working with a team to explain remediation strategies for vulnerabilities are required skills. Your ability to multi-task and support a cross-matrixed team efficiently by working through many client projects and supporting internal team functions, as well as experience solving complex information security challenges and proposing strategic and pragmatic approaches to the team and clients, make you a great fit for this position.

We offer generous medical, dental, and disability insurance benefits, flexible spending, 401(k), ample vacation/leave time, training/skills building opportunities and a great work environment.


Apply To: https://tibercreek.com/careers/apply/
Certifications: Required - Offensive Security Certified Professional (OSCP); or GIAC Web Application Penetration Tester (GWAPT); Burp Suite Certified Practitioner (BSCP). Preferred - Security+; CISSP; Certified Ethical Hacker (CEH).
Experience: Minimum of 3 years' professional experience performing web application penetration testing and/or application security consulting is required to be considered for this position.
Clearance: Candidates must be US citizens who are clearable for a DoD Secret clearance, due to federal contract requirements.
Related Experience Should Include:
  • SAST / Static Application Security Testing experience is preferred.
  • Experience performing and auditing MicroFocus Fortify static code analysis scans is preferred.
  • Strong security system analysis skills and understanding of Cyber and IT security risks, threats, prevention measures and security best practices.
  • Proposing and providing guidance in compliant technologies, architectures, and solutions.
  • Experience with cloud security approaches and cloud architectures.
  • Experience with Federal Governance, Risk Management, and Compliance or ATO related tools and content, such as Vulnerability scanning and penetration tools, SCAP/STIG, Microfocus Fortify, Nessus/Tenable, SonarQube, etc. is preferred.
  • Knowledge of Cybersecurity/IA solutions/architectures such as PKI, VPN, Enterprise Firewalls, IPS, IDS, SCAP, STIG, Nessus, ACAS, SIEM, HIDS, NIDS, MFA, SSO, EDR, FIM, CMDB, Vulnerability Scanners, AV solutions, data at rest encryption solutions, data in transit encryption solutions, penetration testing tools, etc.
  • In-depth understanding of networking and network security; cloud security, network monitoring solutions/approaches.
Job Duties:
  • Effectively and efficiently develop automated test scripts of user stories on a number of products.
  • Support and lead testing of web applications and APIs for susceptibility to SQL injections, Cross-Site Scripting and other attacks
  • Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews.
  • Conduct automated credentialed vulnerability scanning using commercial and open-source scanning tools.
  • Conduct reviews of system configurations for identification of security weaknesses or misconfigurations.
  • Research known vulnerabilities and manually validate scanner findings.
  • Document security weaknesses, including steps to reproduce.
  • Support development of security and risk reports and related documentation.
  • Consult developer teams on various mitigation and remediation solutions/methods.
Minimum Qualifiers:
  • Unable to work with 3rd party candidates or agencies.