All roles

Open role

Web Application Penetration Tester

Remote · Sri Lanka Full-time

Black Lantern Security is a Services Oriented Company

  • Black Lantern Security is built around the ingenuity, passion, and determination of our Operators and Analysts
  • No one "mastermind"
  • No "cult of personality"
  • Competitive compensation and benefits
  • Healthy work-life balance
  • Project-based engagements that play to the team's strengths

Web Application Penetration Tester Location: Remote Required:

  • Must be US citizen (must be willing to submit to federal, state, and local background checks and other requirements).
  • Experience in performing penetration testing on enterprise networks, web applications, and mobile applications.
  • Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws.
  • Experience in testing web-based APIs (i.e. REST, SOAP, XML, JSON).
  • Experience in designing and documenting pragmatic remediation guidance for discovered vulnerabilities.
  • Experience developing actionable intelligence based on open source intelligence (OSINT) gathering.
  • Experience with 1 or more scripting languages such as Bash, Python, Perl, PowerShell, etc.
  • Solid understanding of OWASP testing methodology.
  • Familiarity with front-end web application frameworks (i.e. AngularJS, Bootstrap, etc).
  • Capable of working effectively and efficiently with minimal supervision.
  • Strong written and verbal English language skills.
  • Demonstrated ability to:
  • Adhere to the highest standards of honesty and scientific and business integrity.
  • Think critically about complex problems and situations.
  • Consider emerging vulnerabilities and threats from within the context of organizational risk and business impact(s).
  • Develop novel attack vectors based on newly discovered vulnerabilities.
  • Possess a basic understanding of regulatory standards and requirements including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA).

Preferences:

  • Web application development or source code review experience.
  • Strong knowledge of Windows and Linux operating systems.
  • Working knowledge of containerized applications and container-based security controls and configurations.Possess current professional certification (i.e. GWAPT, OSCP, OSCE, GPEN)

Responsibilities:

  • Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs.
  • Execute manual and automated code analysis to assess the quality and security of source code.
  • Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews.
  • Develop custom tools and exploits.
  • Analyze security findings, including risk analysis and root cause analysis.
  • Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations.
  • Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
  • Execute verification and validation testing for customer mitigations and fixes.

More open positions

Penetration Tester (Java/ Ethical Hacking focus) - Hybrid - Contract to Hire

Work from home Full-time role

Penetration Tester (W-2 or 1099 | U.S.-Based)

Work from home Full-time role

QA Engineer | $42/hr Remote

Work from home Full-time role

ICF Incorporated, LLC: Senior Quality Assurance Engineer – Reston, VA

Work from home Full-time role

Software QA Engineer - REMOTE WORK ( no H-1Bs , no 1099 / C2C candidates )

Work from home Full-time role

Radiology Emergency (Overnight) - Orange County

Work from home Full-time role

Certified Personal Trainer

Work from home Full-time role

Full-Stack Engineer

Work from home Full-time role

Senior Mobile Engineer

Work from home Full-time role

Commercial Lines Actuary III (Remote)

Work from home Full-time role

Underwriting Consultant

Work from home Full-time role

Talent Acquisition Business Partner (Healthcare)- Remote

Work from home Full-time role

Director-HCM Sales (National Opportunities) - Remote

Work from home Full-time role

Experienced Overnight Customer Service Specialist – Live Chat Support for careerzynith

Work from home Full-time role

Remote Dispatcher/Customer Service

Work from home Full-time role

Chief Medical Officer (Remote)

Work from home Full-time role

Software Development Engineer in Test / Senior Go Developer

Work from home Full-time role

Oracle Integration Cloud (OIC) Developer

Work from home Full-time role

Virtual GP- Overnight Shift

Work from home Full-time role

Territory Account Executive (South West France)

Work from home Full-time role

[Remote] Business Development Intern at Oncology Startup

Work from home Full-time role