Principal Application Security Penetration Tester

Posted 15 April 2024
Salary 90000-100000
Job type Permanent
Discipline Cyber Security
Contact Name Dean Charlton
Remote working Hybrid/Flexible

Job description

Role Overview

Our client is searching for a highly skilled Principal Application Penetration Tester to join their growing team. In this role you'll be pivotal in strengthening our clients' security posture by identifying and exploiting vulnerabilities across a wide range of applications, including web applications, APIs, thick clients, and mobile applications.
You'll go beyond basic vulnerabilities such as XSS and SQLi, using your deep understanding of application flows to uncover and exploit complex business logic flaws.

Core Responsibilities
  • Plan and execute penetration testing engagements on diverse application types (web, API, thick client, mobile), adhering to industry best practices (OWASP, PTES).
  • Conduct in-depth source code reviews to uncover potential security flaws and business logic vulnerabilities.
  • Identify and exploit a broad spectrum of vulnerabilities, demonstrating a strong understanding of application flows and the ability to translate that knowledge into real-world exploitation scenarios.
  • Utilise a mature suite of web and mobile application security testing tools (Burp Suite, ZAP, etc.) to thoroughly assess application security.

  • 7 to 10 years of experience in penetration testing with a strong focus on various application types (web, API, thick client, mobile).
  • Proven experience in identifying and exploiting a wide range of vulnerabilities (SQLi, XSS, CSRF, business logic flaws, etc.).
  • Very strong understanding of web and mobile application security principles (OWASP Top 10, secure coding practices, mobile security considerations) and application flows, and the ability to translate that knowledge into actionable testing strategies.

Sound like your next challenge? Then apply today!