Application Security Testing and Source Code Review
Onsite / Washington, DC
Our client is seeking an Application Security Tester and Source Code Review professional to join a great team! This role is tailor-made for someone who brings passion, expertise, and a visionary outlook to the table—someone who is ready to drive projects that redefine what's possible in cybersecurity.
Job Summary
- Testing Developer Flows and Mobile Apps: Conducts thorough security testing of developer workflows and mobile applications (for both iPhone and Android platforms), identifying security issues and vulnerabilities.
- Conducting Source Code Reviews: Performs in-depth source code reviews to identify security flaws or weaknesses that could be exploited in software applications.
- Executing Tests/Assessments and Drafting Reports: Similar to the Red Team, executes detailed assessments and compiles findings into reports for further review and action.
Required Qualifications
- Bachelor’s degree in Computer Science, Software Engineering, or related field.
- Professional certifications such as GWAPT (GIAC Web Application Penetration Tester), OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), or similar.
- 3+ years of experience in application security testing and source code review.
- Proficiency in multiple programming languages and understanding of secure coding practices.
- Strong analytical skills and attention to detail for identifying vulnerabilities.
- Proficiency with the following tools is required:
  - Checkmarx
  - Synopsys
  - Corellium
  - Burp Suite Pro
  - Acunetix
  - Veracode
  - SAST & DAST Tools
  - PlexTrac
  - Mandiant
  - Cobalt Strike
  - Cloud security (AWS / Azure / Oracle)
  - Postman
  - SmartBear ReadyAPI and SoapUI
  - HashiCorp Vault