Application Offensive Security Consultant

The Application Offensive Security Consultant is responsible for providing technical direction and performing security assessment on applications.

JC, NJ - Hybrid
65hr. CTH Perm
 

• Perform red teaming against applications and APIs.?
• Perform application threat hunting to evaluate risk to applications.
• Perform manual (non-automated) security testing of applications.
• Provide the vulnerability information in the predefined report format after performing the testing using manual methodology and tools
• Generate reports on assessment findings and summarizes to facilitate remediation, document technical issues identified during security assessments
• Be a subject matter expert and respond to any security engineering questions/ requests related to Application Defense enhancements

Talents needed for Success:

• Minimum of 6 years of related experience
• Bachelor’s Degree and/or equivalent experience

Talents needed for Success:

• Minimum of 6 years of experience in application security testing
• Minimum of 4 years of experience in conducting red teaming engagements
• Minimum of 4 years of experience in application security testing tools such as Burp Suite Professional & Owasp Zap
• Ability to test manually and “live off of the land strategies”
• Ability to explain vulnerabilities and weaknesses in OWASP Top 10 and SANS Top 25 to any audience and discuss effective defensive techniques
• Understanding of MITRE Framework and adversarial methodologies
• Ability to bypass controls and/or test countermeasures for misconfigurations
• Ability to work under pressure, multitask and be flexible
• Certified in OSCP or GWAPT or related offensive security/red teaming certification
• *This is not a penetration testing role. It goes beyond the scope of a traditional pen test*