- Review the implementation of forms used in browser-based/Web applications and perform input-poisoning attacks
- Provide server support
- Conduct web application and code testing for all systems and applications, and open source dependencies, providing analysis and risk assessments for vulnerabilities discovered
- Utilize code analysis and fuzzing tools that are furnished or approved by the Federal Agency to assess the quality and security of source code
- Attempt to subvert applications and database security controls
- Test susceptibility to other input poisoning
- Provide reports as needed to the Federal Agency based on testing.
- Be flexible to support multiple penetration testing engagements as needed.
- Conduct testing in accordance with the following Federal standards and industry best practices:
  - National Institute of Standards and Technology (NIST) Technical Guide to Information Security Testing and Assessment SP800-15
  - Open Web Application Security Project (OWASP)
- Green Card or US Citizen preferred.
- Strong knowledge required to perform the following tests:
  - Penetration testing/documentation
  - Malicious software analysis
- Strong foundation in one or more of the following:
  - Authentication methods
  - Network & cloud security best practices
- Strong technical acumen securing software
- Experience with tools such as or similar to Nessus/AppScan/Burp Suite in a complex network environment will be preferred
- Demonstrated ability to exploit and mitigate application-level vulnerabilities
- 2-4 years of security-related experience and background
- A Bachelor’s degree or equivalent experience in Computer Science, Electrical Engineering, Information Assurance, Network Security, Computer Engineering or a related field.