Web Application Penetration Tester

Booz Allen Hamilton - Baltimore, MD

Full-time
Estimated: $64,000 - $93,000 a year
Key Role:
Work in a highly collaborative environment performing comprehensive penetration testing against a large-scale enterprise network, with a focus on Web application penetration testing. Apply expertise in organization and in oral and written communication when interacting with clients. Leverage a creative mindset and expertise in computer programming to solve diverse problems as part of daily penetration testing tasks on both targeted and general engagements, including Web penetration testing, internal and external security assessments, vulnerability discovery and exploitation, post-exploitation impact analysis, and physical security. Convey results clearly in formal technical reports.

Basic Qualifications:
  • 3+ years of experience with programming using at least one of the following: PHP, Perl, Python, Ruby, Bash, C, or C++, including scripting and editing existing code
  • 3+ years of experience with one or more of the following: network vulnerability assessments, network penetration testing, red teaming, security operations, or hunt
  • 3+ years of experience with Web application security testing
  • Experience with using, administering, and troubleshooting Linux and Windows environments
  • Experience with security tools, including Netsparker, Burp Suite Pro, Nessus, Nmap, and Metasploit
  • Knowledge of Web application technologies and their associated vulnerabilities
  • BA or BS degree or 5+ years of experience in a professional work environment
  • One or more of the following certifications: OSCP, OSWE, OSCE, OSEE, CCNA, GPEN, GWAPT, or GXPN
Additional Qualifications:
  • Experience with supporting proposal efforts
  • Knowledge of the government environment
  • Knowledge of the National Institute of Standards and Technology (NIST) framework
We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
