Penetration Tester
Donato Technologies, Inc
Albany, United States of America
3 days ago
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Experience level
SeniorJob location
Albany, United States of America
Tech stack
Java
Applications Architecture
Software System Penetration Testing
Automation of Tests
Bash
Burp Suite
Cloud Computing Security
Computer Security
Mobile Application Software
Java Security
Python
Open Web Application Security
Systems Development Life Cycle
Fortify (Software)
Secure Coding
Web Application Security
SQL Injection
Scripting (Bash/Python/Go/Ruby)
Java Application Server
Software Security
Mitre Att&ck
Cross-Site Scripting (XSS)
GWAPT
Information Technology
Metasploit
Cybercrime
Api Management
Static Application Security Testing
Vulnerability Analysis
Dynamic Application Security Testing
Job description
- Conduct penetration tests and vulnerability assessments for Java applications and infrastructure.
- Identify security flaws in Java code using automated and manual methods.
- Create and use custom exploits to test application security, simulating attacker tactics.
- Collaborate with Development teams to understand application architecture and find security weaknesses early.
- Collaborate with Testing teams to integrate with manual and automation testing.
- Provide guidance on secure coding and how to fix vulnerabilities.
- Stay updated on Java security threats and best practices.
- Help improve secure development processes (SDLC).
- Assist in responding to security incidents related to Java vulnerabilities, current published NIST CVE.
- Clearly document and report findings, including technical details, risk assessment, and recommended solutions.
- Communicate findings and recommendations to both technical and non-technical staff.
- Contribute to security policies for Java development and deployment.
- Manipulate URLs, query parameters and Application browser data to look for penetration avenues. Validate and asses browser tokens and cache manipulation and Production vs. none prod architecture.
- Familiar with MITRE ATT&CK Framework.
Requirements
We are seeking a skilled Penetration Tester with a focus on Java application security is sought to identify, exploit, and fix vulnerabilities in Java applications to guard against cyber threats., * Bachelor s degree in a related software field with 6+ years in a Dev Sec role.
- Core Java coding experience.
- Previous job background as an engineer and Dev Sec position on a large scale public enterprise scale application.
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Minimum of 6 years of Development/Security experience
- Experience in Penetration Testing/Ethical Hacking with a focus on Java application security.
- Strong knowledge of Java programming and its security practices as well as scripting experience.
- Proficiency in web application security principles (e.g., OWASP).
- Knowledge of common web vulnerabilities (e.g., SQL injection, XSS) and exploit techniques.
- Experience with penetration testing tools like Burp Suite, Metasploit.
- Familiarity with Fortify on Demand SAST and DAST tools.
- Strong understanding of cryptography and secure communication protocols (e.g., SSL/TLS).
- Excellent problem-solving and analytical skills.
- Strong communication skills.
- High ethical standards and confidentiality., * Certifications such as OSCP, GWAPT, GXPN, GPEN, LPT, CEH, CISSP or other industry security certifications.
- Experience with scripting languages (e.g., Python, Bash).
- Experience with secure code review for Java.
- Familiarity with cloud security testing.
- Experience with mobile application penetration testing.
- Knowledge of regulations like HIPAA.
- Experience with API testing, Required Qualifications Bachelor's degree in a related software field with 6+ years in a Dev Sec role. Core Java coding experience. Previous job background as an engineer and D…
About the company
Donato Technologies Inc. is a trusted IT staffing, consulting, and software development partner headquartered in Dallas, Texas. We support clients across industries by understanding their unique business needs and delivering tailored technology and workforce solutions. Our focus is on connecting the right talent with the right opportunity-ensuring clients receive dependable, skilled professionals and candidates receive meaningful career growth and support. We work closely with small to mid-sized organizations to provide flexible, high-quality services that drive performance, innovation, and long-term success.