Web Application Penetration Tester

Location: Sacramento, CA
Date Posted: 04-16-2018
PROJECT SCOPE/TASKS
  • Perform web application penetration security testing using OWASP top 10, as needed, for CalPERS web applications using manual and automated techniques using provided commercial proxy tool
  • Provide security analyses and recommendations to application development teams for implementing administrative, physical and technical controls to mitigate findings
  • Provide clear and concise technical documentation, assessments, status reports and other written artifacts as required
  • Attend project, staff, and management meetings as required;
  • Train development staff on application security testing techniques/methodologies.
 
MINIMUM QUALIFICATIONS
  • Must have 5+ years of experience in performing manual web application penetration testing using OWASP Top 10 as a guideline using commercial proxy tool.
  • Must have 5+ years of experience with security frameworks (e.g., ISO 27002, NIST, etc.)
  • Must have 5+ years of experience running security tools and related software
  • Must have 5+ years of technical security experience in applying information security best practices
 
DESIRED QUALIFICATIONS
  • Possess a SANS/GIAC Web Application Penetration Tester (GWAPT) certification
  • 5+ years of experience performing source code review based on OWASP standards.
  • Broad industry knowledge, including financial industry information security experience (verifiable), of enterprise and open-source security products and their implementation.
or
this job portal is powered by CATS