Lead Application Security Tester / Source Code Review
Onsite / Washington, DC
Our client, established in 2016 and dedicated to redefining cybersecurity landscapes through unmatched innovation that has positioned them at the forefront of the industry, is looking for a talented Lead Application Security Tester to join their team in DC!
With their groundbreaking Breach and Attack Simulation (BAS) Software as a Service (SaaS) platform, BlindSPOT, they have cemented their status as leaders in delivering proactive cybersecurity testing and advisory services.
As they continue to expand their reach and deepen their impact, they are on the lookout for a dynamic Lead Application Security Tester and Source Code Reviewer to strengthen their team. This role is tailor-made for someone who brings passion, expertise, and a visionary outlook to the table, someone who is ready to drive projects that redefine what's possible in cybersecurity.
Requirements
Lead Application Security Tester and Source Code Review
- Onsite in a Secure Facility during regular business hours
- Leading a Team of Security Testers
- Testing Developer Flows and Mobile Apps: Conducts thorough security testing of developer workflows and mobile applications (for both iPhone and Android platforms), identifying security issues and vulnerabilities.
- Conducting Source Code Reviews: Performs in-depth source code reviews to identify security flaws or weaknesses that could be exploited in software applications.
- Executing Tests/Assessments and Drafting Reports: Similar to the Red Team, executes detailed assessments and compiles findings into reports for further review and action.
- Bachelor’s degree in Computer Science, Software Engineering, or related field.
- Professional certifications such as GWAPT (GIAC Web Application Penetration Tester), OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), or similar.
- 5-7 years of experience in application security testing and source code review.
- Proficiency in multiple programming languages and understanding of secure coding practices.
- Strong analytical skills and attention to detail for identifying vulnerabilities.
Experience With The Following Tools Or Equivalent Solutions Preferred
- Burp Suite Pro
- Checkmarx
- Corellium
- Synopsys
- Acunetix
- Veracode
- SAST & DAST Tools
- PlexTrac
- Mandiant
- Cobalt Strike
- Cloud security (AWS / Azure / Oracle)
- Postman
- SmartBear ReadyAPI and SoapUI
- HashiCorp Vault
Benefits
Beyond a role, joining this company means becoming part of a community dedicated to making a difference.
They Offer
- Health, Vision and Dental Insurance
- Generous Paid Time Off
- 401K Matching