CybersecurityJobs.io
← Back to all jobs

Job Description

Black Lantern Security is seeking a remote Web Application Penetration Tester to evaluate a broad spectrum of assets, from web and mobile applications to databases, client-side tools, and APIs. The role centers on hands-on testing, building custom tooling and exploits, and delivering thorough reports with practical mitigations for enterprise clients.

Responsibilities

  • Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs.
  • Perform manual and automated analysis of source code to assess security and quality.
  • Engage in pre-assessment activities such as recon, documentation reviews, configuration analysis, and customer interviews.
  • Develop custom tools and exploits as needed.
  • Analyze security findings through risk and root-cause analyses.
  • Produce comprehensive reports detailing findings, exploitation steps, and mitigations.
  • Deliver walkthroughs, proofs of concept, articles, and formal presentations.
  • Verify and validate customer mitigations and fixes through testing.

Requirements

  • U.S. citizenship with willingness to undergo federal, state, and local background checks and related requirements.
  • Experience performing penetration testing on enterprise networks, web applications, and mobile applications.
  • Knowledge of common web vulnerabilities such as XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal, SSRF, Remote Execution Flaws, Server Configuration Flaws, and Authentication Flaws.
  • Experience testing web-based APIs (REST, SOAP, XML, JSON).
  • Ability to design and document pragmatic remediation guidance for discovered vulnerabilities.
  • Experience building actionable intelligence from open source intelligence (OSINT) gathering.
  • Proficiency with at least one scripting language (Bash, Python, Perl, PowerShell, etc.).
  • Solid understanding of the OWASP testing methodology.
  • Familiarity with front-end frameworks (e.g., AngularJS, Bootstrap).
  • Capacity to work effectively with minimal supervision.
  • Strong written and spoken English communication skills.
  • Commitment to honesty, scientific rigor, and business integrity.
  • Critical thinking applied to complex problems and risk-informed decision making.
  • Awareness of emerging vulnerabilities and threats in the context of organizational risk and business impact.
  • Ability to develop novel attack vectors based on newly discovered vulnerabilities.
  • Basic understanding of regulatory standards such as HIPAA, PCI-DSS, and GLBA.

Technologies

  • Bash
  • Python
  • Perl
  • PowerShell
  • OWASP testing methodology
  • AngularJS
  • Bootstrap
  • REST
  • SOAP
  • XML
  • JSON
  • Windows
  • Linux
  • Containerized applications
  • Container-based security controls and configurations

Benefits

  • Competitive compensation and benefits
  • Healthy work-life balance
  • Project-based engagements that align with the team’s strengths

Preferences

  • Web application development or source code review experience
  • Strong knowledge of Windows and Linux operating systems
  • Working knowledge of containerized applications and container-based security controls and configurations
  • Current professional certifications such as GWAPT, OSCP, OSCE, or GPEN

Similar Jobs