The Application Penetration Tester will have strong web and mobile application development and security skills. This is a hands-on role that draws on development skills and involves coding. They understand how to scale operations to support a large organization. Their coding expertise allows them to solve diverse problems as part of daily penetration testing tasks on web and mobile applications. They work well with a team and will help Discovery strengthen its external footprint. They understand how modern web and mobile applications are built, have experience building web and mobile applications as well as APIs, and understand the various communication protocols. There are plenty of interesting projects to work on, including security assessments of a wide variety of web applications, web services, mobile applications, and more.
1. Develop and execute security assessment test plans, document and present results
2. Perform design analysis, review, piloting, and selection of security technologies that meet specified application/business requirements, as needed
3. Work collaboratively and proactively across the organization (e.g., Technical Architects/Leads, Product managers, Digital Media Program Teams, etc.) to support and remediate security gaps
4. Maintain knowledge of current and emerging secure application technologies/products/trends related to architectural solutions; actively and continuously share this knowledge with others
5. Communicate findings, remediation guidance, and security design patterns to development teams concisely
6. Increase knowledge in application security through self-study, training, and certifications
7. Stay connected to emerging technologies/industry trends and apply them to operations and activities
* 5+ years of cybersecurity architecture, engineering, Penetration Testing and/or application security (appsec, netsec)
* Security, Software Development and Scripting Experience
* Web/Mobile Application Penetration Testing Experience
* Web Services Security Penetration Testing Experience
* Database Experience
* Experience deploying solutions in a public cloud environment (IaaS, PaaS, SaaS)
* Familiar with application security tools such as Burp Suite, ZAP, Nmap, Metasploit, and Kali Linux
* Strong Knowledge of TCP/IP, DNS, HTTP, HTTPS, VPN, SQL
* Understand specific protocols and their implementations such as OAuth and SSO
* Experience with Unix/Linux and Windows operating systems
* Excellent communication and presentation abilities with great attention to detail
* One or more of the following certifications are highly desired: CREST, GIAC, CEH, OSCP, OSWE, OSCE, OSEE, CCNA, GPEN, GWAPT, or GXPN
* Must be fluent in English and, if possible, French or Polish
* Must have the legal right to work in the United States
Sterling, Virginia