Job Description
Information Security Consultant (Mobile and Web Application Penetration)
About Us
Tevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you.
About The Role
Tevora is looking for a talented and experienced professional to join our Penetration Testing team. The right candidate will have technical proficiency, experience in Application Penetration Testing or related fields, and a passion for information security. In this position, you will analyze and attack our clients' networks, API, and web applications to ensure they are secured against the latest threats.
This is a growth-oriented role within Tevora's consulting team and you will be expected to provide thought leadership to the overall practice through meaningful client work, security community involvement, as well as continuing education.
Essential Functions
Perform application penetration testing, including fuzzing, application logic testing, and source code analysis.
Perform mobile application testing on iOS and Android platforms.
Produce high-quality penetration testing reports for client executives and technical personnel
Present the results of penetration testing activities, including an explanation of findings and recommended remediations
Work directly with clients over phone, email, and chat to kickoff projects, answer technical questions, and debrief penetration test findings
Identify and implement improvements to testing processes and methodologies
Perform research and tool development to support and advance Tevora's practice.
Qualifications
Ability to learn and willingness to be challenged.
Proficiency with Burp Suite and/or ZAP.
Experience with the theory and usage of penetration testing frameworks such as OWASP Testing Guide v4, Web App Hackers Handbook NIST or PTES
Knowledge and understanding of security engineering basics including but not limited to a system and network security, authentication and security protocols, cryptography, mobile and web application security
Experience using various penetration testing and analysis tools (such as IDA, Ghidra, Drozer, Frida, Cycript, NMAP, MobSF, Nessus, Cobalt Strike, Burp Suite, ZAP, Metasploit, Rubeus, BloodHound etc.) on Windows, Linux, iOS, and Android
Knowledge of scripting languages (such as, Python, Ruby, Perl, Bash, VB/WScript, PowerShell, etc.)
Experience with web frameworks and source code review
Programming experience with C++, C, C#, Go, Python, Java, Kotlin, Objective C, Swift, or JavaScript preferred
Hardware hacking experience is a bonus (JTAG, NAND dumping, finding your way around a board with a multimeter)
Abilities
Excellent written and verbal communication, multi-tasking, time management, and analytical abilities
Dynamic, enthusiastic attitude with the ability to make concrete progress in the face of ambiguity with a strong sense of ownership, urgency, and drive.
Education and Experience
Minimum of 2-3 years of professional experience performing mobile or web application penetration tests or similar technical consulting experience.
Industry certifications (e.g. OSCP, OSCE, GWAPT, GPEN, GXPN, OSWE, or other) or Bachelor's Degree in a related field
Additional Qualifications:
Valid driver's license as driving will be required in this role
Eligible to work in the United States
Benefits:
Comprehensive Healthcare Benefits
401k w/ Employer Matching
Paid Vacations
Paid Holiday
Vibrant Work Culture
Tevora is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
Job Posted by ApplicantPro