Web Penetration Tester

Job Description for Security Consultant/Web Penetration Tester

SecuSolutions is in the business of providing essential security solutions that safeguard mission critical infrastructure and data. For more than 21 years, founding members, key staff and management have worked directly in the field of cyber security. We have served Governments, Large Enterprises and Small to Medium Sized Businesses around the globe.

Our Security Professionals hold some of the most esteemed certifications in the industry.

SecuSolutions offers the following services:

· Online Security Training

· Phishing Simulations

· Vulnerability Assessments

· Deep Web Analysis

· Penetration testing and Scenario-based engagements

· Red Team engagements

· Purple Team engagements

· USB Drop Simulations

· Security Audits, NIST, ISO SOC 2 readiness

What we can offer you:

· Remote work, forever and always

· Support for advancement of educational goals

· Calgary office location available if desired

· Figured out an optimization or have a wonderful idea? We will support and encourage you in the journey to implement it!

· Exposure to a wide array of technologies and fields related to offensive cybersecurity

· Opportunity to work with a variety of technologies in diverse customer environments ranging from mid-sized organizations to large enterprise environments

· A position on our highly experienced close-knit team, where we love helping each other grow

· Real penetration testing experience on diverse customer environments with permissive and carefully applied scoping practices. We take proper scoping very seriously, to ensure that our team has the ability to correctly and comfortably carry out the engagements assigned.

Responsibilities:

· Maintain an up to date understanding of cyber security threats, countermeasures, cloud, and application security.

· Stay updated on the latest offensive security tools, and testing techniques.

· Conduct research and implement projects for improvement of offensive security methodology and tools.

· Conduct comprehensive penetration testing of web applications, APIs, network devices, and other systems.

· Identify vulnerabilities, including OWASP Top 10 issues, and provide detailed remediation guidance.

· Collaborate effectively within a team, promoting open communication and teamwork to achieve successful results.

· Perform thorough code audit reviews to detect vulnerabilities, enforce best practices, and improve overall code quality.

· Prepare detailed penetration testing reports that include executive summary, findings, risk assessments, and remediation recommendations.

Professional Qualifications and Expertise - preference will be given to candidates who have:

• No degrees necessary, we give priority to candidates with mature skillsets and experience
• At least one of the following certifications: OSCP, OSEP, GIAC, PNPT, eCCPTv2, OSWA, OSWE
• A resident of Canada/US

· Demonstrate a solid understanding of the architecture and development principles for web and mobile applications. Preference given to candidates with professional web development experience.

· Familiarity with widely recognized penetration testing standards, methodologies, and frameworks, such as MITRE ATT&CK, PTES, OWASP, CREST, OSSTMM, CWE, CAPEC, CVE, CVSS, NIST, and others.

· Proficiency in development technology such as Docker, CDK, Terraform, Java, Python, React, GraphQL, JavaScript, JSON, REST, and others.

· Extensive expertise in source code review with a focus on programming languages including Java, C#, C/C++, PHP, Ruby, Python, Go, Swift, Objective-C/C++, Kotlin, and others.

· Proficient in using tools like Burp Suite, OWASP ZAP, Metasploit, and a wide range of other penetration testing tools.

· Proficiency in one or more programming languages.

· Proficiency in scripting languages.

· Knowledge of the latest attack trends, tools, and the threat landscape

· Understanding of TCP/IP, HTTP/HTTPS, HTML, JavaScript, CSS, and other technologies involved in delivering sophisticated web services.

· Strong Windows/Linux operating system and service administration experience

· Cloud (AWS, Azure, Google, DigitalOcean) skillset is an asset.

Desirable Skills:

· Ability to learn technologies, frameworks, and concepts in a self-directed manner

· Ability to work independently and as a member of a remote team

· Effective communicator of technical and business information, both verbal and written

· Proven troubleshooting and problem-solving ability

· Strong customer service

· Time management

· Motivated to learn and grow, able to learn new technologies

· Self-motivated

· Excellent written and oral communications skills (English)

· Excellent troubleshooting/problem solving / analytics skillset

· Ability to work independently and with a team in a high-demand environment

*NOTE - This Job Post will remain up until a suitable candidate is found.