Penetration Tester (Java/Ethical Hacking focus) - Hybrid - Contract to Hire

Remote Full-time
Onsite role in Albany, NY - two days per week Wednesday/Thursday + every other Friday

Overview:

A Penetration Tester with a focus on Java application security is sought to identify, exploit, and fix vulnerabilities in Java applications to guard against cyber threats.

Key Responsibilities:
• Conduct penetration tests and vulnerability assessments for Java applications and infrastructure.
• Identify security flaws in Java code using automated and manual methods.
• Create and use custom exploits to test application security, simulating attacker tactics.
• Collaborate with Development teams to understand application architecture and find security weaknesses early.
• Collaborate with Testing teams to integrate with manual and automation testing.
• Provide guidance on secure coding and how to fix vulnerabilities.
• Stay updated on Java security threats and best practices.
• Help improve secure development processes (SDLC).
• Assist in responding to security incidents related to Java vulnerabilities, including currently published NIST CVEs.
• Clearly document and report findings, including technical details, risk assessment, and recommended solutions.
• Communicate findings and recommendations to both technical and non-technical staff.
• Contribute to security policies for Java development and deployment.
• Manipulate URLs, query parameters, and application browser data to look for penetration avenues. Validate and assess browser tokens, cache manipulation, and production vs. non-production architecture.
• Familiar with MITRE ATT&CK Framework.
Requirements:
• Bachelor's degree in Computer Science, Information Security, or a related field.
• Minimum of 6 years of Development/Security experience.
• Experience in Penetration Testing/Ethical Hacking with a focus on Java application security.
• Strong knowledge of Java programming and its security practices as well as scripting experience.
• Core Java coding experience.
• Previous job background as an engineer and in a DevSec position on a large-scale public enterprise application.
• Proficiency in web application security principles (e.g., OWASP).
• Knowledge of common web vulnerabilities (e.g., SQL injection, XSS) and exploit techniques.
• Experience with penetration testing tools like Burp Suite, Metasploit.
• Familiarity with Fortify on Demand SAST and DAST tools.
• Strong understanding of cryptography and secure communication protocols (e.g., SSL/TLS).
• Excellent problem-solving and analytical skills.
• Strong communication skills.
• High ethical standards and confidentiality.
Preferred Qualifications:
• Certifications such as OSCP, GWAPT, GXPN, GPEN, LPT, CEH, CISSP or other industry security certifications.
• Experience with scripting languages (e.g., Python, Bash).
• Experience with secure code review for Java.
• Familiarity with cloud security testing.
• Experience with mobile application penetration testing.
• Knowledge of regulations like HIPAA.
• Experience with API testing.