Penetration Testing

Role: Penetration Testing / Security Test Engineer

Location: Santa Clara, CA

Role Summary

The Application Security & Penetration Testing Specialist will be responsible for conducting security assessments across web, mobile, thick client, and instrumented applications. The role includes vulnerability analysis, criticality-based reporting, and close collaboration with development, application, and product teams to support remediation. The position also provides platform administration and analytics support for SAST, DAST, SCA, and vulnerability management tools, along with cloud and infrastructure assistance as required.

Key Responsibilities

Instrument / Network Penetration Testing

• Conduct security testing of instrumented or connected applications, including exposed network services and interfaces

• Use Nessus / Tenable.SC for vulnerability scanning and configuration assessment

• Analyse and prioritize vulnerabilities based on criticality

• Prepare detailed vulnerability reports and support application teams during remediation

Web Application Penetration Testing

• Perform security scanning and manual penetration testing of in-scope web applications

• Identify, analyze, classify, and prioritize vulnerabilities based on agreed standards such as:

o OWASP Top 10

o CVSS / CVS

o Organization-specific security standards

• Produce criticality-based vulnerability reports with clear remediation guidance

• Provide clarification and consultation support to Application, Development, and Asset Owner teams during vulnerability remediation

Mobile Application Penetration Testing

• Conduct security testing of in-scope mobile applications (Android/iOS)

• Analyze identified vulnerabilities and prioritize them based on severity and business risk

• Generate criticality-based reports for stakeholders

• Support application teams with remediation-related clarifications

Thick Client Penetration Testing

• Perform security assessments of thick client applications

• Analyze vulnerabilities related to client-server communication, authentication, authorization, and data protection

• Prioritize findings and prepare severity-based reports

• Provide consultation support to development and application teams

Additional Security Platform & Tooling Support

SAST (Static Application Security Testing)

• Provide operational and administrative support for:

o Coverity on Polaris

o Polaris

o GitHub Application Security

• Manage user access, configurations, and scan operations

• Import SAST data into Power BI for:

o Security trend analysis

o Risk dashboards

• Generate management and operational reports from Power BI

DAST (Dynamic Application Security Testing)

• Provide support for WhiteHat DAST tool operations

• Administer tool configurations and access

• Import scan data into Power BI for analytics and reporting

• Generate vulnerability trend and compliance reports

SCA (Software Composition Analysis)

• Provide support for Black Duck SCA

• Administer tool usage, scan scheduling, and configurations

• Import vulnerability and license risk data into Power BI

• Generate trend, risk, and compliance reports

Vulnerability Management (Tenable)

• Provide support for Tenable.SC / Nessus

• Run vulnerability scans for product teams as required

• Provide tool administration, configuration, and access management

• Import scan data into Power BI

• Generate vulnerability posture and trend reports

Required Skills & Competencies

Technical Skills

• Strong knowledge of:

o Web, Mobile, Thick Client, and Network Security

o OWASP Top 10, CVSS, secure coding concepts

• Hands-on experience with:

o Nessus / Tenable.SC

o WhiteHat DAST

o Black Duck SCA

o Coverity / Polaris / GitHub Security

o Power BI (data import, analysis, dashboard creation)

• Understanding of AWS Cloud, containers, and infrastructure security

• Exposure to Jira administration

Soft Skills

• Strong analytical and problem-solving skills

• Ability to communicate security risks clearly to technical and non-technical stakeholders

• Collaborative mindset with application, development, and product teams

• Good documentation and reporting skills

Preferred Qualifications

• Certifications such as:

o CEH, OSCP, GWAPT, AWS Security Specialty (preferred)

• Experience in regulated or enterprise environments

• Familiarity with DevSecOps practices and CI/CD security integration