Consultant - Application Security Penetration Tester

Consultant – Application Security Penetration Tester

Strong knowledge of OWASP Top 10 and ability to explain vulnerabilities and attack vectors.
Hands-on experience with web application security testing and exploits.
Proficiency in Linux, VMWare, and GitHub for security assessments.
Working knowledge of popular web technologies like .NET, Java EE, Node.js, Rails, or JavaScript.
Familiarity with code scanning and dynamic analysis tools.
Expertise in API security testing and protocol handling.
Experience working with cloud security principles (AWS, GCP, Azure).
Understanding of IAM policies and security configurations in cloud environments.
Strong problem-solving and critical-thinking skills.
Ability to work independently and collaborate with teams effectively.
Strong time management and ability to meet deadlines.
Excellent verbal and written communication skills – able to explain findings to technical and non-technical stakeholders.
Open to constructive feedback and continuous learning.
A passion for mentorship and knowledge sharing.
A client-centric mindset with a high level of professionalism and collaboration.
Bachelor’s degree (four-year college or university) or equivalent combination of education and work experience.

Perform application security assessments using penetration testing, threat modeling, and code review techniques.
Identify and remediate security vulnerabilities in web applications, APIs, cloud environments, and enterprise systems.
Conduct API security testing (SOAP, REST, GraphQL) and evaluate authentication/authorization mechanisms.
Analyze network security controls, including firewalls, SSL/TLS, encryption, and VPN configurations.
Collaborate with development teams to integrate security into the Secure Development Life Cycle (SDLC).
Conduct code reviews across various languages to identify security flaws and vulnerabilities.
Work with cloud security testing methodologies and ensure compliance with security standards.
Provide clear, well-written reports with actionable recommendations.
Consult with clients to explain findings, address security concerns, and provide remediation guidance.
Support mentorship and knowledge sharing within the team.
Lead and support penetration testing projects from start to finish.
Contribute to thought leadership through blog posts, conference talks, and R&D initiatives.
Stay up to date with security policies, industry best practices, and emerging threats.

Experience with AWS security concepts (IAM, STS, security controls, serverless architectures).
Hands-on experience with AWS services like S3, SQS, SNS, Lambda, and API Gateway.
Familiarity with DevSecOps, CI/CD security, and infrastructure automation.
Experience in mobile security (iOS/Android) and IoT testing.
Deep understanding of network and host-based penetration testing methodologies.
AWS Cloud Practitioner
AWS Certified Security – Specialty
Offensive Security Certified Professional (OSCP)