Web Application Security Test Engineer

Sensiple Inc.
Addison, United States of America
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
$ 135K

Job location

Addison, United States of America

Tech stack

Software System Penetration Testing
Biometrics
Burp Suite
Static Program Analysis
Multi-Factor Authentication
Fiddler (Software)
Identity and Access Management
Open Web Application Security
Public Key Infrastructure
Web Application Security
Web Applications
Enterprise Software Applications
Software Security
Information Technology
Static Application Security Testing
Dynamic Application Security Testing

Requirements

This is a Web Application Security Testing role, not a penetration testing position. The focus is on candidates who have hands-on experience testing real enterprise-level web applications (such as banking platforms or other large-scale applications), rather than performing generic or exploratory penetration testing. The ideal candidate must have a deep understanding of OWASP Top 10 vulnerabilities, including the ability to clearly explain the root cause of each vulnerability, how to test for it, and how to fix it., * Strong knowledge of SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) is the key on this role, along with hands-on experience using tools like Burp Suite and similar security testing platforms.

  • A key requirement of the role is strong expertise in authentication and authorization testing, including areas such as login systems, password-based authentication, multi-factor authentication (MFA/OTP), biometrics, and understanding potential failure points within these flows.
  • Beyond identifying vulnerabilities, the candidate must act as a security advisor to development teams. This means not only detecting issues but also being able to explain the root cause, recommend solutions, and guide developers on how to remediate them effectively.
  • Deep understanding of different web application technologies, web protocols (HTTP, HTTPS, etc.), browser technologies, etc.
  • In depth domain understanding of application security in terms of Identity and Access Management (IAM), different authentication technologies (passwords, biometrics, OTP, digital certificates & PKI, device authentication, FIDO U2F/Passkeys, etc.
  • Proven expertise on different security testing tools (Proxy tools like Fiddler, Black box security testing tools like Burp, Static Security Code analysis tools.
  • Deep understanding of different application security vulnerabilities such as OWASP Top 10, SANS Top 25, CWE, attack patterns (CAPEC), etc.
  • Bachelor's Degree in Computer Science or equivalent experience.
  • Must be self-directed, able to work independently, as well as work in a team-oriented and fast paced environment.

Apply for this position