Join to apply for the Web Application Tester role at Core4ce
Information Technology --> Cyber
Alexandria, VA
ID: 867-383
Full-Time/Regular
As a Web Application Penetration Tester joining our team, you will play a pivotal role in ensuring our customers' applications and underlying data are secure. Your expertise will enhance the support we provide to a wide variety of entities, including commercial enterprises and government organizations. Join us and be at the forefront of securing the data our customers rely on, while enjoying a dynamic and collaborative work culture that values innovation, growth, and teamwork.
Responsibilities
This position operates with minimal government lead supervision supporting the Department of Defense. Our company also has a commercial assessment practice that occasionally utilizes DoD-based team members for additional assessment support:
- Evaluate a variety of deployed web applications to identify security issues that may affect data availability, reliability, and confidentiality, such as but not limited to the OWASP Top 10
- Collaborate with customers to understand the intended flow of deployed web applications and evaluate these applications for potential flaws, such as errors in business logic, authentication and authorization flaws, input validation weaknesses, session management vulnerabilities, and other security misconfigurations that could allow deviations from the intended functionality
- Identify and analyze potential attack chains by evaluating how individual vulnerabilities can be combined to exploit the application, and provide comprehensive mitigation strategies
- When using automated scanning tools, manually confirm identified or tentative issues, and ensure that the coverage provided by these tools meets the customers' expectations
- Periodically review public posts regarding vulnerabilities without a public proof-of-concept (PoC) that may be applicable to a target web application or application server. Attempt to reverse engineer these vulnerabilities and develop a working PoC, as applicable to web assets in the client's environment
- Utilize source code or binaries, when provided or open source, to focus and prioritize testing efforts. This includes familiarity with static code analysis to identify potential vulnerabilities, understanding the application's architecture, pinpointing critical components and functions, and tailoring penetration testing strategies to efficiently uncover security flaws in the most impactful areas.
- Support customers by providing guidance on temporary mitigations and permanent remediations. This includes contributing to detailed written reports, offering remote support when necessary, and effectively communicating technical findings to a less technical audience to ensure understanding and proper implementation of security measures.
- Less frequently, as business needs require, assist with basic network penetration testing tasks, contributing to a broader understanding of the organization's security posture and supporting the overall security assessment process
- This position requires a hybrid onsite work schedule and occasional travel to other locations.
Requirements
- Bachelor's degree and 5+ years recent experience in offensive cyber security targeting web applications required; having prior experience elsewhere in information technology or cyber security fields is a plus. Education can be substituted by solid experience in the field.
- Active DoD 8570 IAT Level I or greater and at least one of the following certifications in good standing: OSWA, GWAPT, GXPN, GPEN, OSCP, OSWE
- Active DoD Top Secret clearance
- An understanding of common web application vulnerabilities and a willingness to learn as new vulnerabilities are discovered and documented
- Ability to communicate effectively, while conveying highly technical concepts to both technical and nontechnical stakeholders
- Familiarity with at least one common web-related programming language
- Familiarity with working under both Windows and at least one *nix-like OS; having a common certification demonstrating familiarity with administering an OS is a plus
- Proficiency in using a variety of penetration testing tools, including but not limited to Burp Suite, OWASP ZAP, Metasploit, Nessus, Nmap, and various automated web application scanning tools.
- Coding/Scripting experience a plus
Why Work for Us?
Core4ce is a team of innovators, self-starters, and critical thinkers—driven by a shared mission to strengthen national security and advance warfighting outcomes.
We Offer
- 401(k) with 100% company match on the first 6% deferred, with immediate vesting
- Comprehensive medical, dental, and vision coverage—employee portion paid 100% by Core4ce
- Unlimited access to training and certifications, with no pre-set cap on eligible professional development
- Tuition assistance for job-related degrees and courses
- Paid parental leave, PTO that grows with tenure, and generous holiday schedules
- Got a big idea? At Core4ce, The Forge gives every employee the chance to propose bold innovations and help bring them to life with internal backing.
Join us to build a career that matters—supported by a company that invests in you.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.
- Seniority level: Mid-Senior level
- Employment type
- Job function: Quality Assurance
- Industries: IT Services and IT Consulting