Need Local Candidates Only// Urgently Looking For Penetration Tester// Westlake, TX (Onsite)// No H1B/ CPT


 

Role: Penetration Tester

Location: Westlake, TX (Onsite) – Need Local Candidates Only
Duration: 6+ Months
Client: No H1B/ CPT

Process: Phone/ Skype

Key Responsibilities

  • Conduct manual and automated penetration testing of web applications, APIs, and related infrastructure.
  • Identify, document, and exploit security vulnerabilities such as SQL injection, cross-site scripting (XSS), authentication flaws, and business logic issues.
  • Perform source code reviews to identify security flaws in web applications.
  • Use industry-standard tools such as Burp Suite, OWASP ZAP, Metasploit, Nmap, Kali Linux, and SAST/DAST tools.
  • Develop and execute custom scripts and exploits to validate security weaknesses.
  • Collaborate with development and DevSecOps teams to provide secure coding recommendations and remediation guidance.
  • Generate detailed reports with findings, risk assessments, and actionable remediation steps for technical and non-technical stakeholders.
  • Stay up to date with the latest web security trends, vulnerabilities, and attack techniques.
  • Perform retesting of vulnerabilities after remediation efforts.
  • Assist in threat modeling and risk assessments for web applications.

 

Tools & Technologies
The candidate should be proficient in using the following tools and technologies for web application penetration testing:

Web Application Security Testing Tools:

  • Burp Suite (Pro & Community)
  • WebInspect

Network & Reconnaissance Tools:

  • Nmap
  • Masscan
  • Amass
  • Subfinder / Assetfinder
  • Shodan / Censys

Exploitation & Attack Tools:

  • SQLmap (SQL injection testing), Metasploit Framework

Scripting & Automation:

  • Python / Bash / PowerShell
  • JavaScript (for DOM-based attacks and exploitation)
  • Postman / REST API testing tools

Code Analysis & Debugging:

  • Source Code Review (Java, .NET, Python, JavaScript, etc.)
  • Static Analysis Tools (SAST) – SonarQube, Snyk, Fortify
  • Dynamic Analysis Tools (DAST): Acunetix

Cloud & Container Security:

  • AWS Security Tools (Pacu, ScoutSuite, Prowler)
  • Docker Security Testing (Trivy, Dockle)
  • Kubernetes Security Testing (Kube-hunter, Kube-bench)

 

Qualifications & Skills
Technical Skills:

  • Deep understanding of OWASP Top 10 vulnerabilities and web security principles.
  • Proficiency in HTTP/HTTPS protocols, authentication mechanisms, session management, and API security.
  • Experience with scripting (Python, Bash, PowerShell, JavaScript) for automation and exploit development.
  • Familiarity with Cloud Security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a plus.
  • Knowledge of Secure Software Development Life Cycle (SDLC) practices.
     

Certifications (Preferred but Not Required):

  • OSCP (Offensive Security Certified Professional)
  • GWAPT (GIAC Web Application Penetration Tester)
  • CPT (Certified Penetration Tester)
  • CEH (Certified Ethical Hacker)

 

Experience & Education:

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
  • 2-5 years of experience in web application security, penetration testing, or ethical hacking.

 

 

Regards:

 

Anand

Headwit Global Inc.

Phone # +1 (512) 866-4578

[email protected]

5900 Belcones drive

Suite #100, Austin, TX, 78731
