Pen testing Engineer

5+ years as a principal security consultant or senior level

Experience manually testing web applications or enterprise penetration testing

Experience with a scripting language (e.g. Perl, python, PHP, ruby) and a programming language (e.g. JAVA, Objective C)

Proficiency in Mac OS X and/or other flavors of UNIX

General understanding of AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those services

Ability to explain basic networking concepts (routing, ACL, load balancers, SSL/TLS, TCP) to provide application architecture feedback

Background in web application development and/or code auditing strongly preferred

Strong verbal & written communication skills

Passion for discovering and researching new vulnerabilities and exploitation techniques

Strong knowledge of the OWASP Top 10 and CWE Top 25 vulnerabilities (such as XXE, XXS, SQLi, etc.)

Scoper

Ability to ascertain and clearly articulate the size and scope of an assessment

Strong verbal & written communication skills

Strong understanding of Web and Mobile appsec testing and vulnerabilities

General understanding of secure network architecture and design

General knowledge of common web technology stacks (LAMP, LEMP, MEAN, etc.)

General understanding of AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those services