Web Application Penetration Tester
Job Description
Black Lantern Security is seeking a remote Web Application Penetration Tester to evaluate a broad spectrum of assets, from web and mobile applications to databases, client-side tools, and APIs. The role centers on hands-on testing, building custom tooling and exploits, and delivering thorough reports with practical mitigations for enterprise clients.
Responsibilities
- Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs.
- Perform manual and automated analysis of source code to assess security and quality.
- Engage in pre-assessment activities such as recon, documentation reviews, configuration analysis, and customer interviews.
- Develop custom tools and exploits as needed.
- Analyze security findings through risk and root-cause analyses.
- Produce comprehensive reports detailing findings, exploitation steps, and mitigations.
- Deliver walkthroughs, proofs of concept, articles, and formal presentations.
- Verify and validate customer mitigations and fixes through testing.
Requirements
- U.S. citizenship with willingness to undergo federal, state, and local background checks and related requirements.
- Experience performing penetration testing on enterprise networks, web applications, and mobile applications.
- Knowledge of common web vulnerabilities such as XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal, SSRF, Remote Execution Flaws, Server Configuration Flaws, and Authentication Flaws.
- Experience testing web-based APIs (REST, SOAP, XML, JSON).
- Ability to design and document pragmatic remediation guidance for discovered vulnerabilities.
- Experience building actionable intelligence from open source intelligence (OSINT) gathering.
- Proficiency with at least one scripting language (Bash, Python, Perl, PowerShell, etc.).
- Solid understanding of the OWASP testing methodology.
- Familiarity with front-end frameworks (e.g., AngularJS, Bootstrap).
- Capacity to work effectively with minimal supervision.
- Strong written and spoken English communication skills.
- Commitment to honesty, scientific rigor, and business integrity.
- Critical thinking applied to complex problems and risk-informed decision making.
- Awareness of emerging vulnerabilities and threats in the context of organizational risk and business impact.
- Ability to develop novel attack vectors based on newly discovered vulnerabilities.
- Basic understanding of regulatory standards such as HIPAA, PCI-DSS, and GLBA.
Technologies
- Bash
- Python
- Perl
- PowerShell
- OWASP testing methodology
- AngularJS
- Bootstrap
- REST
- SOAP
- XML
- JSON
- Windows
- Linux
- Containerized applications
- Container-based security controls and configurations
Benefits
- Competitive compensation and benefits
- Healthy work-life balance
- Project-based engagements that align with the team’s strengths
Preferences
- Web application development or source code review experience
- Strong knowledge of Windows and Linux operating systems
- Working knowledge of containerized applications and container-based security controls and configurations
- Current professional certifications such as GWAPT, OSCP, OSCE, or GPEN
Similar Jobs
J
J