Job Description:
- Your primary role is to perform penetration testing of web applications, mobile applications, thick clients, and APIs.
- Source code review and whitebox penetration testing to prove the impact of application flaws.
- Reverse engineering of mobile and thick client applications.
- You sometimes chain application flaws to other areas, such as cloud and on-prem AD infrastructure.
- Opportunities for lateral movement into the infrastructure teams are limited and given at the manager's discretion.
- Develop detailed reports on findings and remediations for impactful findings.
- You will learn to debrief these findings at both a technical and executive level.
- Perform SAST and DAST on enterprise, SaaS, and custom in-house applications.
- Experience in using scanners and knowledge of validation and elimination of false positives.
- A strong understanding of OWASP in Web, API, Mobile, and AI/LLM is necessary, but you will be asked to go beyond.
Requirements:
- Solid working knowledge of programming languages, including C, C#, Python, Objective-C, Java, JavaScript, SQL, and frameworks like AngularJS.
- Familiarity with web services and data exchange formats such as XML, JSON, SOAP, REST, and AJAX.
- Understanding of AI/LLM weaknesses and flaws in applications.
- Extensive experience/expertise in using an attack proxy (e.g. Burp Suite).
- Preferred if you have 3-5 years of experience working in penetration testing and consulting.
- A graduate of a post-secondary college or university degree program.
- Has at least two years of experience dealing with information security-related tasks.
- Has professional qualifications (one or more): OSCP, OSWE, BSCP. OSCP or Burp is mandatory for our organization.
Benefits:
- Amazing team and working environment
- Competitive compensation and pay for performance
- Employee growth and development
- Fully remote (in Texas)
- At-Will Employment
First seen 2026-05-21 04:48:01 · Last verified 2026-05-21 08:48:01
Pentest Careers · pentestcareers.com