Need Local Candidates Only// Urgently Looking For Penetration Tester// Westlake, TX (Onsite)// No H1B/ CPT
Role: Penetration Tester
Location: Westlake, TX (Onsite) – Need Local Candidates Only
Duration: 6+ Months
Client: No H1B/ CPT
Process: Phone/ Skype
Key Responsibilities
- Conduct manual and automated penetration testing of web applications, APIs, and related infrastructure.
- Identify, document, and exploit security vulnerabilities such as SQL injection, cross-site scripting (XSS), authentication flaws, and business logic issues.
- Perform source code reviews to identify security flaws in web applications.
- Use industry-standard tools such as Burp Suite, OWASP ZAP, Metasploit, Nmap, Kali Linux, and SAST/DAST tools.
- Develop and execute custom scripts and exploits to validate security weaknesses.
- Collaborate with development and DevSecOps teams to provide secure coding recommendations and remediation guidance.
- Generate detailed reports with findings, risk assessments, and actionable remediation steps for technical and non-technical stakeholders.
- Stay up to date with the latest web security trends, vulnerabilities, and attack techniques.
- Perform retesting of vulnerabilities after remediation efforts.
- Assist in threat modeling and risk assessments for web applications.
Tools & Technologies
The candidate should be proficient in using the following tools and technologies for web application penetration testing:
Web Application Security Testing Tools:
- Burp Suite (Pro & Community)
- WebInspect
Network & Reconnaissance Tools:
- Nmap
- Masscan
- Amass
- Subfinder / Assetfinder
- Shodan / Censys
Exploitation & Attack Tools:
- SQLmap (SQL injection testing), Metasploit Framework
Scripting & Automation:
- Python / Bash / PowerShell
- JavaScript (for DOM-based attacks and exploitation)
- Postman / REST API testing tools
Code Analysis & Debugging:
- Source Code Review (Java, .NET, Python, JavaScript, etc.)
- Static Analysis Tools (SAST) – SonarQube, Snyk, Fortify
- Dynamic Analysis Tools (DAST): Acunetix
Cloud & Container Security:
- AWS Security Tools (Pacu, ScoutSuite, Prowler)
- Docker Security Testing (Trivy, Dockle)
- Kubernetes Security Testing (Kube-hunter, Kube-bench)
Qualifications & Skills
Technical Skills:
- Deep understanding of OWASP Top 10 vulnerabilities and web security principles.
- Proficiency in HTTP/HTTPS protocols, authentication mechanisms, session management, and API security.
- Experience with scripting (Python, Bash, PowerShell, JavaScript) for automation and exploit development.
- Familiarity with Cloud Security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a plus.
- Knowledge of Secure Software Development Life Cycle (SDLC) practices.
Certifications (Preferred but Not Required):
- OSCP (Offensive Security Certified Professional)
- GWAPT (GIAC Web Application Penetration Tester)
- CPT (Certified Penetration Tester)
- CEH (Certified Ethical Hacker)
Experience & Education:
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
- 2-5 years of experience in web application security, penetration testing, or ethical hacking.
Regards:
Anand
Headwit Global Inc.
Phone # +1 (512) 866-4578
5900 Belcones drive
Suite #100, Austin, TX, 78731