Application Penetration Tester 3

Application Penetration Tester 3

The Application Penetration Tester will assist Asurion in developing secure products by providing best-in-class application security penetration testing and security assessment services to the product development organization, while passionately pursuing personal and organizational excellence in the field of application/product security.

Core Duties and Responsibilities

Perform in-depth application and system penetration tests of internally developed products and enterprise systems to Identify security risks and vulnerabilities.Develop functioning proof of concepts (PoCs) to demonstrate exploitation and impact of found vulnerabilitiesProvide guidance and assistance on vulnerability remediationReview product and open-source code for the purposes of assessing security and determining weaknesses / vulnerabilities.Build and maintain positive and productive working relationships with product development teams and individuals.Develop security assessment scripts and frameworks and assist in efforts to automate security testing and assessment activities.Continuously learn and keep pace with the latest technical developments in the security space.

Additional Duties and Responsibilities

Perform threat modeling with application security engineers and product development staff to promote secure development and inform penetration testing / red-team efforts.Mentor security champions with respect to penetration testing techniques, vulnerability research, and red-team tactics.Aid the incident response process when product security expertise is required.Participate in post-mortems and retrospectives to improve security of products and systems.Research and present on relevant security topics, practices, and threats.

Essential Skills

Strong desire and drive to continuously learn and improve upon existing skills, as well as developing new skillsStrong researching, analytical and problem-solving skillsStrong experience and knowledge of identifying, exploiting and remediating web application vulnerabilitiesProficient in at least one scripting language and/or programming language for building PoCs, automation and completing other similar tasksAbility to perform secure coding reviews on applications written in TypeScript, JavaScript, Java, C#, Scala and/or othersFamiliarity with iOS and/or Android penetration testingExperience with commonly used cloud services and securing themExcellent communication (oral, written, presentation) skills including the ability to explain technical concepts and findings at a high-level to non-technical audiencesKnowledge of open security standardsExperience with web and mobile security related tools such as Burp, Caido, adb, Corellium, etc.

Bonus skills and experience

Industry recognized certifications demonstrating practical application of knowledge learned; Offensive Security, Hack the Box, TCM, etc. certificationsActivity in CTF's and CTF platforms including completion of labs such as the HTB Pro labsExperience in full stack web application developmentExperience in iOS and Android developmentInvolvement in Bug Bounty ProgramsExperience in reverse engineering and tools (IDA Pro, Immunity, Windbg, gdb, etc.)Experience security testing and/or using AI for security and efficiency increase purposesSecurity research projects and/or presenting security research at conferencesCVE assignmentsFamiliarity with Windows and Linux testing/privilege escalation techniques and hardening