Job Description

TCI has an immediate need for an Application Security Tester in Raleigh, NC or Eagan, MN. This is not a Corp2Corp opportunity. This is a long-term contract opportunity with the probability of extension and possibility of hire. In addition to competitive, market-rate based pay, TCI provides all our Consultants with Comprehensive Medical/Dental Insurance, 401k, Life Insurance and Long-Term Disability benefits.

This position requires a DoD Public Trust Security Clearance.

SUMMARY

The Application Security Tester will work with the RISK: (VMA) Team to provide technical security assessments of applications and infrastructure, security design reviews, and risk assessments. This is a hands-on role requiring technical penetration testing skills from the hardware layer to the application layer.

RESPONSIBILITIES

  • Develops general test and evaluation plans to compare current and proposed technologies; assesses test results to determine whether they match requirements specifications
  • Prepares documents by tailoring technical information and creates benchmark or security authorization reports; outlines key findings related to speed, risks, results and reliability, and recommends acceptance or rejection of technology for applied use
  • Selects the appropriate technical tests, network or vulnerability scan tools, and/or pen testing tools based on review of requirements and purpose; lists all steps involved for executing selected test(s) and coaches others in the use of advanced research, development, or scan tools and the analysis of comparative findings between proposed and current technologies
  • Prepares the various types of security-related documents, conducts vulnerability scans, and recognizes vulnerabilities in security systems

REQUIREMENTS

  • Must have 5 years of application testing experience
  • Highly skilled in web application testing, API testing, and network testing
  • Prior experience with Burp Suite Professional, or other similar DAST tools
  • Experience with Kali Linux and most of the tools available in the distro for penetration testing
  • Experience with tools such as Metasploit Pro and Cobalt Strike for red team operations
  • Experience with Red Team engagements from planning to execution
  • Experience with phishing network users to gain access for lateral movement on the network
  • Experience with Purple Team engagements to test monitoring controls in coordination with engineering teams.
  • Proficiency in scripting, such as Python and/or PowerShell
  • Knowledge of exploit and payload development
  • Experience with penetration testing supporting PCI-DSS
  • Technical writing skills, along with ease in communicating concepts related to security vulnerabilities and attack path scenarios.
  • Familiar with OWASP Application Security Verification Standard (ASVS) and MITRE ATT&CK framework
  • Penetration testing certification required. Acceptable certifications: Offensive Security Certified Professional (OSCP), Global Information Assurance Certification (GIAC) Certifications (e.g., GIAC Certified Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), or GIAC Exploit Researcher and Advanced Penetration Tester (GXPN))
  • Must be able to obtain a Position of Public Trust. Must have resided in the US for the last 5 years
