Web Application Security Tester

Foxhole Technology, Inc.Smyrna, GA
80d
Match Resume

About The Position

Foxhole Technology provides robust cybersecurity and IT support capabilities for federal civilian and defense agencies. A recognized leader in navigating technology and security challenges, Foxhole delivers mission-focused innovations to answer evolving and complex needs. Our talented employee-owners provide agile, scalable services and solutions that solve operational gaps, operate critical systems, and protect and secure the enterprise – across the organization and around the world. Support the Web Application Security Program (WASP) mission to ensure that security is integrated systematically and comprehensively throughout the Software Development Life Cycle (SDLC).

Requirements

  • Active DoD Secret security clearance
  • 5 + years of progressive incident response experience
  • DoD IAT II required certification/s (one of the following): CCNA-Security, CySA+ (CSA+), GICSP, GSEC, Security+ CE, CND, SSCP, GWAPT, OSWE, eWPT
  • CSSP-AU required certification/s (one of the following): GSNA, CISA

Nice To Haves

  • Strong knowledge of the OWASP Top 10 and OWASP ASVS.
  • Familiarity with CWE, NIST 800-53/171, and DISA STIGs.
  • Hands-on experience with scripting languages (Python, Bash, PowerShell, JavaScript).
  • Familiarity with DevSecOps practices and secure coding guidelines.
  • Ability to communicate complex findings clearly to both technical and non-technical stakeholders.

Responsibilities

  • Perform security reviews of web application architectures, APIs, and supporting infrastructure.
  • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) using industry-standard tools.
  • Conduct application spidering, fuzzing, and business logic abuse testing to identify vulnerabilities.
  • Execute Web Application Penetration Testing against modern frameworks (e.g., React, Angular, Node.js, Django, Flask, .NET Core).
  • Test APIs using REST and GraphQL fuzzing, schema validation, and security automation.
  • Identify and validate vulnerabilities such as OWASP Top 10, Business Logic flaws, API Security vulnerabilities (OWASP API Top 10), Authentication and authorization weaknesses, Deserialization and injection flaws.
  • Conduct manual exploit validation beyond automated tool output to reduce false positives.
  • Develop and maintain test automation scripts using frameworks like Burp Suite Extender API, ZAP scripting, and custom Python tools.
  • Integrate security testing into CI/CD pipelines using GitLab CI, GitHub Actions, Jenkins, or Azure DevOps.
  • Utilize SCA (Software Composition Analysis) tools to identify vulnerable dependencies (e.g., Snyk, Dependency-Check, Black Duck).
  • Implement the Common Weakness Scoring System (CWSS) and assist in Common Vulnerability Scoring System (CVSS) ratings for prioritization.
  • Generate technical reports and provide remediation guidance to developers, system owners, and ISSOs.
  • Provide monthly and annual program metrics including trends in vulnerability classes, remediation timelines, and residual risk.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Number of Employees

101-250 employees

Job Search Resources

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service