Web and Mobile Application Penetration Tester

Booz Allen

Jul 07


Key Role:

Work with a wide variety of clients to validate security controls around web resources and mobile applications and their backend web services. Work with a team of seasoned security testing professionals to enhance existing service offerings and security testing capabilities, and conduct hands-on technical testing focused on identification of OWASP-type vulnerabilities in both web and mobile applications. Conduct full exploitation and leveraging of access within multiple environments, including Windows and *nix environments. Develop comprehensive and accurate reports and presentations for both technical and executive audiences. Communicate findings and strategy effectively to client stakeholders, including technical staff, executive leadership, and legal counsel. Act as the primary interface and lead for web and mobile application security testing, with teams ranging from 1-3 additional testers, and manage the delivery of staff assignments, as needed. Become part of a team of security enthusiasts that perform cutting-edge research and promote an environment of innovation and knowledge-sharing. This position is open to remote delivery from any location in the U.S., to include the District of Columbia.

Basic Qualifications:

  • Experience with using, administering, and troubleshooting different Linux versions
  • Experience with working in Windows environments
  • Experience with scripting and editing existing code and programming, including Perl, Python, Ruby, Bash, C/C++, C#, or Java
  • Experience with Burp Suite Pro, including identification and usage of relevant plugins
  • Experience with security assessment tools, including Nessus, Acunetix, Metasploit, or Cobalt Strike
  • Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections
  • Knowledge of application, database, and Web server design and implementation
  • Knowledge of network vulnerability assessments, Web application security testing, network penetration testing, or red teaming
  • BA or BS degree

Additional Qualifications:

  • Experience with working in a commercial consulting or professional services environment
  • Experience with phishing and other social engineering tactics
  • Experience with using Ubuntu preferred
  • Experience with assembly languages, including x86 or reverse engineering

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.