Information Security Consultant (Mobile and Web Application Penetration)Information Security Consultant (Mobile and Web Application Penetration)

About UsTevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you.About The RoleTevora is looking for a talented and experienced professional to join our Penetration Testing team. The right candidate will have technical proficiency, experience in Application Penetration Testing or related fields, and a passion for information security. In this position, you will analyze and attack our clients' networks, API, and web applications to ensure they are secured against the latest threats.This is a growth-oriented role within Tevora's consulting team and you will be expected to provide thought leadership to the overall practice through meaningful client work, security community involvement, as well as continuing education.Essential FunctionsPerform application penetration testing, including fuzzing, application logic testing, and source code analysis.Perform mobile application testing on iOS and Android platforms.Produce high-quality penetration testing reports for client executives and technical personnelPresent the results of penetration testing activities, including an explanation of findings and recommended remediationsWork directly with clients over phone, email, and chat to kickoff projects, answer technical questions, and debrief penetration test findingsIdentify and implement improvements to testing processes and methodologiesPerform research and tool development to support and advance Tevora's practice.QualificationsAbility to learn and willingness to be challenged.Proficiency with Burp Suite and/or ZAP.Experience with the theory and usage of penetration testing frameworks such as OWASP Testing Guide v4, Web App Hackers Handbook NIST or PTESKnowledge and understanding of security engineering basics including but not limited to a system and network security, authentication and security protocols, cryptography, mobile and web application securityExperience using various penetration testing and analysis tools (such as IDA, Ghidra, Drozer, Frida, Cycript, NMAP, MobSF, Nessus, Cobalt Strike, Burp Suite, ZAP, Metasploit, Rubeus, BloodHound etc.) on Windows, Linux, iOS, and AndroidKnowledge of scripting languages (such as, Python, Ruby, Perl, Bash, VB/WScript, PowerShell, etc.)Experience with web frameworks and source code reviewHardware hacking experience is a bonus (JTAG, NAND dumping, finding your way around a board with a multimeter)AbilitiesExcellent written and verbal communication, multi-tasking, time management, and analytical abilitiesDynamic, enthusiastic attitude with the ability to make concrete progress in the face of ambiguity with a strong sense of ownership, urgency, and drive.Education and ExperienceMinimum of 2-3 years of professional experience performing mobile or web application penetration tests or similar technical consulting experience.Industry certifications (e.g. OSCP, OSCE, GWAPT, GPEN, GXPN, OSWE, or other) or Bachelor's Degree in a related fieldAdditional Qualifications:Valid driver's license as driving will be required in this roleEligible to work in the United States401k w/ Employer MatchingPaid VacationsPaid HolidayTevora is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.

#J-18808-Ljbffr