SIXGEN

Senior Web Application Penetration Tester

full-time

Origin: 🇺🇸 United States

Salary

💰 $100,000 - $145,000 per year

Job Level

Senior

Tech Stack

Ansible, Cloud, Linux, Open Source, Python, SOAP, SQL, Terraform

About the role

  • Conduct comprehensive, black-box penetration testing of web applications to identify critical vulnerabilities such as SQL injection, XSS, CSRF, XXE, deserialization attacks, RCE, etc.
  • Utilize a bug bounty-style approach to independently enumerate and assess targets, simulating real-world attack scenarios
  • Analyze application architecture and source code (when available) to uncover deeper, logic-based or systemic vulnerabilities
  • Document and communicate findings with clear risk assessments, reproduction steps, and actionable remediation recommendations
  • Stay up to date with evolving web technologies, threat trends, and security tools to ensure cutting-edge testing practices
  • Simulate adversaries and malicious actors and report details and actionable findings on critical assets and infrastructures
  • Collaborate with a diverse team of experienced technical talent supporting cyber and intelligence missions

Requirements

  • US Citizen with the ability to obtain a Secret clearance
  • Minimum 5 years of hands-on web application penetration testing experience
  • Strong preference for OSCP or equivalent hands-on certifications (e.g. CBBH, CWEE, OSWA, OSWE, GWAPT)
  • Proven ability to conduct full-scope penetration tests using tools like Burp Suite, Kali Linux, Metasploit, Nuclei, Nessus, and Nmap
  • Experience developing actionable intelligence based on open source intelligence (OSINT) gathering
  • Experience building offensive capabilities or tools to enhance operations with programming languages and tooling such as, but not limited to, Python, Bash, Terraform, and Ansible
  • Experience in testing web-based APIs (i.e. REST, SOAP, XML, JSON)
  • Advanced knowledge of manual testing techniques and automated tools (e.g., Burp Suite, OWASP ZAP) to assess application security
  • Familiarity with FISMA and NIST 800-series frameworks; experienced in applying formal testing protocols and methodologies to assess networks, web apps, and cloud environments
  • Strong communication skills for interfacing with clients and documenting findings
  • Demonstrated experience working both collaboratively and independently with minimal supervision
  • Awarded CVEs and experience with cloud and Active Directory penetration testing are a plus but not required