Responsibilities include but are not limited to:
- Perform engagement kickoff calls, wrap-up calls, email responses and debriefs for each penetration test you deliver.
- Conduct penetration tests of web applications, thick client applications, and APIs.
- Analyze security findings, including risk analysis and root cause analysis.
- Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations.
- Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
- Execute verification and validation testing for customer mitigations and fixes.
- Be a continuous learner, keeping up to date on a wide variety of IT security-related skills and industry knowledge.
- Develop custom tools and exploits.
- 5-7 years of application penetration testing experience in the following:
  - Thick client applications
  - Web applications
- 3-5 years shell scripting or automation of simple tasks for repeatability
- 2-3 years developing, extending, or modifying exploits, shellcode, or exploit tools
- 2-3 years developing applications in Java, C++, or other OOP languages
- Source code review for control flow and security flaws
- Strong knowledge of application testing tools, as well as manual approaches to security testing
- Strong hands-on experience with Burp Suite and its extensions
- In-depth knowledge of industry-standard vulnerabilities
- Knowledge of web browsers, web applications, and APIs
- Understanding of industry-standard security tools
- Ability to concurrently manage multiple, highly complex tasks
- Ability to proficiently communicate with internal customers
- Ability to collaborate with other engineers
- Experience with 1 or more scripting languages such as Bash, Python, Perl, PowerShell, etc.
- Solid understanding of OWASP testing methodology.
Specialized Knowledge And Skills
- Ability to develop and present technical material to all audience levels
- Excellent interpersonal communication skills, with the ability to adapt approach and style to different audiences (technical and non-technical)
- Ability to work with minimal supervision
- Strong analytical and problem-solving skills
- Ability to prioritize tasks and maintain relationships with key stakeholders
- Experience working with global teams
- Applicable knowledge of any cloud technology such as AWS, Azure or Google Cloud
- One or more of the following certifications are preferred:
  - OSCP, CEPT, GPEN, GWAPT
  - GIAC certifications
Technology Doesn't Change the World, People Do.®
Robert Half is the world’s first and largest specialized talent solutions firm that connects highly qualified job seekers to opportunities at great companies. We offer contract, temporary and permanent placement solutions for finance and accounting, technology, marketing and creative, legal, and administrative and customer support roles.
Robert Half puts you in the best position to succeed by advocating on your behalf and promoting you to employers. We provide access to top jobs, competitive compensation and benefits, and free online training. Stay on top of every opportunity – even on the go.
Questions? Call your local office at 1.888.490.4429. Robert Half will consider qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance. All applicants applying for U.S. job openings must be authorized to work in the United States. Benefits are available to temporary professionals.