Web App Pen Tester (San Diego or Irvine)

Overview

Conduct web app penetration tests and secure applications across development lifecycle.

Key Responsibilities

• security tools
• penetration testing
• code review
• ci/cd automation
• secure sdlc
• bug bounty

Tasks

-Consume a variety of application security tools (DAST, SAST, SCA, Credential Scanning, IAC scanning) to secure web applications during development and production run-time -Hack the Box Penetration Testing Specialist (CPTS) / AD Pentesting Expert (CAPE) -Recommend code changes to eliminate vulnerabilities -Automate security testing at various stages within the CI/CD pipeline -Hack the Box Bug Bounty Hunter (CBBH) / Web Exploitation Expert (CWEE) -Utilize sustainable methods to automate finding feedback to generate developer work items and trigger re-scan when associated work items are closed -Work with the software and product teams to help ensure applications are designed and implemented securely during the SDLC -Conduct penetration tests on web applications and underlying infrastructure for vulnerabilities using both manual and automated techniques

Requirements

• bachelor's degree
• oscp
• ewptx
• penetration testing
• ci/cd
• burp suite

What You Bring

-Knowledge of infrastructure operations across databases, network, and system administration -A track record of commitment to prior employers -Experience with web application penetration testing, identifying and exploiting attack chains to evaluate the severity of vulnerabilities within a web application -Bachelor’s Degree required from an accredited, not for profit university or college (preferably in Computer Science/Cybersecurity) -Ability to mentor and train team members to prioritize security efforts effectively -INE Security Web Application Penetration Tester eXtreme (eWPTX) -Experience writing comprehensive reports that clearly demonstrate the risk of vulnerabilities to developers and technical leadership -Experience with mobile application penetration testing -Experience testing modern applications in cloud-native tech stacks -Experience with defense-in-depth strategies to help mitigate existing risk within applications -Hands-on experience implementing security tools into CI/CD pipelines -Ability to communicate with different levels of leadership conveying risk and driving urgency for risk remediation -Those certifications can be substituted with considerable experience in CTFs, impressive CVEs, or impressive bug bounty reports. -Experience coordinating with application teams to drive security by design principles -In-depth understanding of various assessment tools -Offensive Security Certified Professional (OSCP) / Experienced (OSEP) -A self-starter who can advance the application security program and follow-through ideas to completion -Dynamic application security testing (DAST) through Metasploit, Burp Suite, OWASP ZAP, Acunetix, etc. -Minimum 1 to 3 years total experience in a technical role with at least 1 year of professional experience penetration testing -Industry relevant professional certifications such as: -Experience with common programming language: C# (preferred), Java, C/C++, Python, or Go -Scripting/programming skills - Python, PowerShell, GoLang, Perl, JavaScript, .NET, API Integration -Demonstrate risk of detected issues to both technical and non-technical audiences -Security tooling automation in CI/CD pipelines and IDE interfaces including Static Application Security Testing (SAST) and Static Application Analysis (SCA) solutions such as Veracode, CheckMarx, AppScan, X-Ray, Synopsys, or Snyk

People Also Searched For

Benefits

-Life, legal, and supplementary insurance -Complimentary gourmet coffee, tea, hot chocolate, fresh fruit, and other healthy snacks -Paid time off -Tuition reimbursement -Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug -On-site fitness center and/or reimbursed fitness center membership costs (location dependent), with yoga studio, Pelotons, personal training, group exercise classes -Access to CoStar Group’s Diversity, Equity, & Inclusion Employee Resource Groups -Employee stock purchase plan -Virtual and in person mental health counseling services for individuals and family -Commuter and parking benefits -401(K) retirement plan with matching contributions

About Costar Group

-Offers comprehensive data on properties, tenants, leases, and market conditions globally. -Known for its pioneering technology and research, delivers powerful insights to commercial real estate professionals. -Its旗舰平台, CoStar, provides unmatched property data, news, and analytics. -Platforms used by real estate professionals, from brokers to investors to property managers. -Expanded through strategic acquisitions, including the purchase of LoopNet and Apartments.com. -Data-driven insights help clients make informed investment and leasing decisions, shaping the global real estate market.

Sector Specialisms

Visa Sponsorship

-no visa sponsorship is provided for this role.

Security Clearance

-pre-employment substance abuse testing is required.