APPLICATION PENETRATION TESTER
Forward Role Recruitment - Pleasanton, CA
Job Description
Job Summary - Web Application Penetration Tester
- Lead manual penetration testing of in-house developed web application (CARE) to discover security vulnerabilities and propose remediations.
- Conduct detailed penetration tests using common frameworks such as OWASP to identify and exploit vulnerabilities.
- Document findings, report vulnerabilities, and provide solutions to the development team.
- Collaborate closely with development team to verify and implement remediations.
- Develop and maintain automation scripts to re-run security tests, ensuring new vulnerabilities are detected before deployment.
- Mentor and train development team on secure coding practices and web application security (including OWASP Top 10).
- Serve as subject matter expert on web application security, providing guidance and expertise to internal teams.
- Participate in code reviews and provide feedback to ensure security standards are met.
- Work collaboratively with cross-functional teams (Business, QA, Operations) to scope and draft functional requirements.
- Assist business users in creating test cases, use cases, and perform functional testing.
- Provide timely and effective reporting on the status of projects and remediation efforts.
- Ensure all project documentation and IT requirements are completed and maintained as per internal standards.
- Participate in and contribute to training and mentoring plans for State Fund employees, focusing on security skills enhancement.
- Communicate effectively with users at all levels, and present technical solutions to both technical and non-technical audiences.
- Demonstrate strong knowledge of Java, Spring, Oracle, Linux, and Windows in the context of secure application development and testing.
- Manage all aspects of the penetration testing and support functions, including planning, execution, and reporting.
Created: 2026-03-10