Application Penetration Tester 3 Job at Akkodis, Washington DC

WGFTQWdkbHlYeFBOdU44c0pZbnFJSnhwSHc9PQ==
  • Akkodis
  • Washington DC

Job Description

Role: Application Penetration Tester 3

Duration: Direct hire – REMOTE

Pay Range: $120,000 - $160,000 per year

Location: Washington DC

Remote Status: Remote

Job Overview:

seeking a skilled Penetration Tester II with 3+ years of hands-on experience in offensive security to join our growing team. The ideal candidate is highly skilled in adversary emulation, has excellent communication skills, and is capable of scoping and executing sophisticated attacks in diverse and complex environments.

The Penetration Tester II will be required to conduct advanced operations, simulating real-world adversaries to challenge organizational security defenses, secure code development practices, and application security models. The successful candidate will be required to perform targeted technical assessments across a wide range of assets to include but not limited to:

  • Web and mobile applications (iOS, Android)
  • Cloud platforms (e.g., AWS, OCI, Azure, GCP)
  • Containerized environments (e.g., Docker, Kubernetes)
  • Network perimeter and internal infrastructure

To perform comprehensive testing, the candidate will work within a collaborative and team-oriented environment where they are expected to develop and deploy custom tools, exploits, and payloads to bypass controls and evade detection, map adversarial tradecraft (e.g., MITRE ATT&CK tactics) and replicate techniques used by threat actors in realistic scenarios and leverage offensive security tooling to conduct assessments and document findings clearly and concisely for both technical and non-technical audiences, providing actionable remediation guidance.

Primary Responsibilities:

  • Conduct comprehensive security assessments including but not limited to penetration testing, infrastructure vulnerability assessments, systems audits and validating security controls.
  • Plan and execute technical testing/assessments of web and mobile applications, containers, and cloud infrastructure, leveraging testing methods and frameworks such as DAST, OWASP Top Ten, and OWASP ZAP.
  • Triage, peer review, publish, and communicate findings and recommendations to client stakeholders.
  • Leverage automated security testing and monitoring such as integrating CI/CD pipelines.
  • Validate security controls around web resources and mobile applications and their backend web services.
  • Develop comprehensive and accurate reports and presentations for varied stakeholders.
  • Utilize adversarial tradecraft and cyber threat intelligence to design, emulate, and execute realistic assessments, employing both specialized and emerging techniques.
  • Perform innovative research and promote an environment of innovation and knowledge sharing.
  • Design and propose new penetration assessments based on prior findings and understanding of client infrastructure.
  • Custom malware and exploit development.
  • Develop/modify custom tooling or processes to solve or improve identified assessment or program needs.
  • Other program operational or project initiatives to be assigned.

Minimum Qualifications:

  • 3+ years of experience performing red team penetration tests/operations or equivalent experience (e.g. 5+ years designing web or mobile applications, with less than 3 years of experience in penetration testing, red team emulation, blue team or purple team operations or similar combination of relevant experience).
  • Experience with Windows and Nix systems.
  • Experience with reading, writing, and editing code written in various programming languages, such as Perl, Python, Ruby, Bash, C/C++, C#, and Java.
  • Proficiency in DAST tools like Nessus, Burp Suite, OWASP ZAP, Netsparker, Acunetix, Chechmarx, Fortify WebInspect, VeraCode, ZAP, Intruder, Detectify, Corellium, Synopsys, ReadyAPI, and Jit.
  • Proficiency in offensive cyber tooling such as Empire, Bloodhound, Nmap, Wireshark, Metasploit, BeEF, SQLMap, John the Ripper, Fuzzing tools, Netcat, Hydra, etc.

Preferred Qualifications:

  • Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections.
  • Experience with Docker and Kubernetes security.
  • Experience or familiarity with cloud security practices or penetration tests (AWS, Azure, Oracle).
  • Holds at least one industry standard certification such as GWAPT, OSCP, GCIH, GPEN, GXPN, CRTE, CRTP, CEPT, GCPN, eWPT, CASE, GX-IH, GRTP, GPYC, and CRTO.
  • Active contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, blogs, publications, conferences, etc.
  • Experience with iOS and Android operating systems.
  • Experience with securing and testing API vulnerabilities.
  • Leverage proof of concept code to build or tailor exploits.
  • DevOps Experience: GitLab, GitLab CI, Docker Buildkit, docker-compose, cross-compilation toolchains, build systems.
  • Knowledge of regulatory requirements and industry standards (e.g. GDPR, PCI-DSS).

Eligibility Requirement:

Applicants must currently reside in the United States and be authorized to work in the U.S. without the need for current or future visa sponsorship.

Job Tags

Remote job, Visa sponsorship,

Similar Jobs

PNC Financial Services Group

Commercial Real Estate Treasury Management Officer II Job at PNC Financial Services Group

 ...within PNC's Treasury Management Commercial Real Estate Sales organization, you will be based...  ...s discretion. Job Description Coordinates relationship management activities with...  ...No Required Certification(s) Licenses No Required License(s) Pay Transparency... 

Alpine Solutions Group

Medical Coder Job at Alpine Solutions Group

 ...MUST: ~3+ years of experience as an outpatient Medical Coder ~ CPC or COC ~ CAC Coder Certificate (either has it or company will pay for them to get it)~2+ years of ICD-10 coding PLUS: Medical flight background CMS guidelines for ambulance, air, and... 

Katz Melinger PLLC

Director Of Operations Job at Katz Melinger PLLC

 ...We seek a Director of Operations to be the owner's strategic business partner and help accelerate Katz Melingers continued growth. This...  ...; acceptable candidates will have experience directly managing a team of at least 10 people, with the autonomy to hire and fire... 

Cresset

Associate Director, Private Wealth Client Services Job at Cresset

 ...independent, award-winning multi-family office and private investment firm, we are reimagining the way wealth is experienced. Our purpose is to help ensure that...  ...Client Services with 5+ years of experience managing the administrative and private banking needs for high... 

ETS Dental

Associate Dentist Job at ETS Dental

 ...Seeking a general dentist to take over an existing associates position for 4 days a week. The opportunity is offering great mentorship under the current owner, who does dentures, braces, Invisalign and implants! The opportunity is in Sallisaw, OK. Their ideal candidate...