Penetration Tester
DKMRBH Inc.
Rensselaer, United States of America
3 days ago
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Experience level
SeniorJob location
Rensselaer, United States of America
Tech stack
Java
API
Applications Architecture
Software System Penetration Testing
Bash
Burp Suite
Cloud Computing
Computer Security
Java Security
Python
Open Web Application Security
Fortify (Software)
Secure Coding
Web Application Security
Mobile Security
Software Engineering
SQL Injection
Software Vulnerability Management
Scripting (Bash/Python/Go/Ruby)
Java Application Server
Enterprise Software Applications
Mitre Att&ck
Cross-Site Scripting (XSS)
Information Technology
Metasploit
Static Application Security Testing
Vulnerability Analysis
Dynamic Application Security Testing
Job description
The client is seeking an experienced Penetration Tester specializing in Java application security. The role focuses on identifying, exploiting, and remediating vulnerabilities in large-scale enterprise applications to strengthen overall cybersecurity posture. The consultant will work closely with development and testing teams to integrate security practices into the software development lifecycle., * Perform penetration testing and vulnerability assessments on Java applications and infrastructure
- Identify and analyze security vulnerabilities using both automated and manual techniques
- Develop and execute custom exploits to simulate real-world attack scenarios
- Collaborate with development teams to assess application architecture and detect security gaps early
- Partner with QA teams to integrate security into manual and automated testing processes
- Provide recommendations for secure coding practices and vulnerability remediation
- Stay current with Java security threats, NIST CVEs, and industry best practices
- Support secure SDLC improvements and security governance initiatives
- Assist in incident response related to Java application vulnerabilities
- Document findings with detailed risk assessments and remediation strategies
- Communicate technical findings to both technical and non-technical stakeholders
- Contribute to security policies and standards for application development
- Analyze URLs, query parameters, browser data, tokens, and caching mechanisms for vulnerabilities
- Evaluate production vs. non-production environments for security risks
- Apply frameworks such as MITRE ATT&CK in security assessments
Requirements
- Bachelor's degree in Computer Science, Information Security, or related field
- Minimum 6+ years of experience in Development and Security (DevSec) roles
- Strong background in Java programming and secure coding practices
- Experience with penetration testing and ethical hacking focused on Java applications
- Prior experience working on large-scale enterprise applications
- Proficiency in web application security standards (e.g., OWASP)
- Knowledge of common vulnerabilities such as SQL Injection and Cross-Site Scripting (XSS)
- Hands-on experience with tools such as Burp Suite and Metasploit
- Familiarity with Fortify on Demand (SAST/DAST tools)
- Strong understanding of cryptography and secure protocols (SSL/TLS)
Technical & Soft Skills
Technical Skills:
- Core Java development and security testing
- Web application security and vulnerability assessment
- Secure code review and exploit development
- Scripting (preferred: Python, Bash)
- API and browser-based security testing
- Knowledge of cloud and mobile security testing (preferred)
Soft Skills:
- Strong analytical and problem-solving ability
- Clear communication with cross-functional teams
- Ability to explain technical risks to non-technical stakeholders
- High level of integrity and confidentiality
