5-7 years of relevant experience in application security testing
Strong programming skills in multiple languages including C, Python, and Java
Familiarity with web service protocols like SOAP and REST
Expertise in using attack proxies like Burp Suite
Knowledge of AI/LLM application weaknesses
Professional security certifications such as OSCP or OSWE are mandatory
Responsibilities
Perform penetration testing on web and mobile applications
Conduct source code reviews and whitebox testing to validate findings
Reverse engineer client applications for vulnerabilities
Document detailed reports with actionable remediation suggestions
Conduct static and dynamic application security testing on a range of applications
Identify and address false positives in security scans
Analyze application weaknesses against the OWASP framework
Benefits
Supportive team and inspiring work environment
Competitive pay with performance incentives
Opportunities for personal and professional development
Fully remote work option catering to Texas residents
Full Job Description
Who we are looking for
Core values:
You have a customer-first mentality. Is a great communicator with clients, project managers, and teammates. Rapid responses and on time.
You deliver work that you take pride in. Your work is an autograph of your excellence.
You dig deeper into every finding. Doesn't stop until impact is proven.
You are comfortable being uncomfortable. Goes towards obstacles, not away from them. Consulting isn't your typical job and requires adapting to rapidly changing environments.
You are always learning. Cybersecurity is changing every day, and you need to keep up or want to keep up. Be deeply aware of your skillset and be willing to improve.
You are Self-motivated and dependable.
You are humble. Egos don't have a place at Packetlabs.
Education and experience:
We are looking for an experienced developer/application security tester to join our team:
Solid working knowledge of programming languages, including C, C#, Python, Objective-C, Java, JavaScript, SQL, and frameworks like AngularJS.
Familiarity with web services and data exchange formats such as XML, JSON, SOAP, REST, and AJAX.
Understanding of AI/LLM weaknesses and flaws in applications.
Extensive experience/expertise in using an attack proxy (e.g. Burp Suite)
Preferred if you have 3 - 5 years of experience working in penetration testing and consulting
A graduate of a post-secondary college or university degree program.
Has at least two years of experience dealing with information security-related tasks.
Has professional qualifications (one or more): OSCP, OSWE, BSCP.
OSCP or Burp is mandatory for our organization.
What you'll be doing
Your primary role is to perform penetration testing of web applications, mobile applications, thick clients, and APIs.
Source code review and whitebox penetration testing to prove the impact of application flaws.
Reverse engineering of mobile and thick client applications.
You sometimes chain application flaws to other areas, such as cloud and on-prem AD infrastructure. Opportunities for lateral movement into the infrastructure teams are limited and given at the manager's discretion.
Develop detailed reports on findings and remediations for impactful findings. You will learn to debrief these findings at both a technical and executive level.
Perform SAST and DAST on enterprise, SaaS, and custom in-house applications.
Experience in using scanners and knowledge of validation and elimination of false positives.
A strong understanding of OWASP in Web, API, Mobile, and AI/LLM is necessary, but you will be asked to go beyond.
Why Us
Amazing team and working environment
Competitive compensation and pay for performance
Employee growth and development
Fully remote (in Texas)
At-Will Employment
This position is at-will, and this job posting does not constitute an employment contract or guarantee of continued employment.
How to Apply
If this sounds like you, apply today. We're looking for someone who wants to build a career in cybersecurity and is ready to make an impact
