Penetration Tester - Partial Remote

Meridian Technologies

We have an opportunity for a Penetration Tester working with a large line of business that is currently supporting enterprise application security. We are seeking energetic, talented individuals that have a desire to help transform customer requirements supporting the mission-critical security services.

The Penetration Tester responsibilities will include:

  1. Conduct platform or operating system vulnerability scans to assess exposure of system to attacks or hacking. Respond to questions regarding viral activity, concerns about spam/phishing etc. Produce reports.

  2. Design, plan and implement test strategies to support the core infrastructure in the contingency environment for all critical business applications to ensure business continuity in the event of a major business interruption or disaster.

  3. Lead projects as related to technology refresh/evaluation such as Load Balancing and SSL technology. Research corrective measures (long term solutions) needed for any chronic issues identified that compromise security of particular systems or platforms.

  4. Serve as technical lead or project lead in projects involving testing defenses against hacking, denial of service, spam, break-ins, or related attacks. Provide technical guidance to less senior staff or applications developers/systems administrators.

  5. Proactively research emerging cyber threats. Apply analytical understanding of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits.

  6. Perform network traffic analysis utilizing raw packet data, NetFlow, IDS, and custom sensor output as it pertains to the cyber security of communications networks.

Specialized Skills:

  • Demonstrable knowledge of application security, risk assessment, validation of security penetration/dynamic test results, static code testing/scanning/analysis and vulnerability resolution

  • Demonstrable knowledge of secure coding practices and the ability to conduct security assessments and analysis of applications

  • Ability to identify security requirements for applications and services and to effectively communicate requirements to application development teams and application/business owners

  • Ability to review application source code for vulnerabilities, using both manual and automated code scanning techniques

  • Ability to identify and explain the risks associated with common application vulnerabilities, demonstrate exploitation, and recommend mitigation options

  • Ability to initiate and promote activities to foster Information Security awareness and education among application development

  • Information security and application security or application development experience

  • Ability to coordinate activity among multiple teams, both technical and non-technical

  • Strong verbal and written communications skills; comfortable briefing senior management

  • Strong interpersonal skills for developing relationships with individuals and teams across the enterprise

Knowledge Areas:

  • Strong understanding of fundamental Application Security concepts, including common types of attacks and exploitation techniques

  • Experience with various application security tools (to name a few: Burp, ZAP, Kali, WebInspect/AppScan, Dependency-Check, Fortify, Sonatype)

  • Solid understanding of common web and systems application vulnerabilities

  • Familiarity with key security concepts/frameworks such as OWASP, CVE, and CVSS

  • Familiarity with emerging application security exploits and willingness to research them

  • Thorough understanding of application architecture and supporting components

  • Familiarity with AWS and containers is preferred but not required

  • Prior development background is preferred but not required

  • Familiarity with mobile application security assessment preferred but not required

  • Familiarity with security automation preferred but not required

Education/Experience:

  • Bachelor's degree and 4 years of experience, or 8 years of experience
