Web Application / Penetration Tester(s) Jr & Sr - Fort Worth TX, Kansas City MO, Wash DC (US Citizen) 3-4 Days remote (US CITIZEN) Job Description: "THIS IS A WEB APPLICATION Penetration Testing role; and it is web applications versus network or server penetration testing. " The most security-conscious organizations trust Telos Corporation to protect their vital IT assets. The reputation of our company rests on the quality of our solution and the integrity of our people. Explore what you can bring to our solutions in information assurance, secure networks, secure enterprise messaging, and identity management. Be a part of the Telos culture and see what sets us apart! Telos offers an excellent compensation package with benefits that include generous paid time off, medical, dental, vision, tuition reimbursement, and 401k. Our employees enjoy more than just a great work environment! This position will be based in: Washington, DC / Fort Worth, TX / Kansas City, MO Fort Worth TX 76102 - 3-4 days remote 1 d onsite Kansas City MO 64131 - 3-4 days remote 1 d onsite Washington DC 20405 - 3 days remote (Tues, Thurs, Fri) remote Mon & Wed onsite 1800 F Street NW The requirement is for a US Citizen that will get a public trust when hired if you do not already have one. We have two openings 1 Jr, 1 Sr Web Application Security / Penetration tester with a hunger and drive to advance knowledge and skill in web application security and penetration testing. Candidate should have a basic understanding of the HTTP protocol, common web languages, IAAA controls, CMS, and Database technologies including: HTTP, HTTP Methods, URI, URL, TLS/SSL, Basic and Digest authentication, SAML, SSO, Secure Headers, Cookies and attributes, CORS, RIA, basic HTTP Response codes, HTML, CSS, PHP, ASP, JavaScript, Django, Drupal, WordPress, IIS, Apache, Joomla, SQL, MySQL, MariaDB, PostgreSQL etc. Candidate should have a basic knowledge of common web application attacks and their associated remediation strategies such as: SQLi, XSS, CSRF, SSRF, RCE, LFI/RFI and more. Experience Requirements Junior Pen Tester: . BS in Computer Science, Information Systems, Mathematics, Engineering, related degree or an additional two (2) years of relevant experience. . 3+ years in IT security . Candidate will be required to function on a team and work closely with an assigned Sr. Penetration tester. Sr Pen Tester: . BS in Computer Science, Information Systems, Mathematics, Engineering, related degree or an additional 3 to 5 years of relevant experience. . 5+ years in IT security . The ideal candidate will be able to conduct (or quickly learn) network penetration testing and Red Teaming. . Candidate must have ability to present and clearly articulate findings to a client. Candidate must have a high attention to detail in client deliverables. . As part of a collaborative team the candidate will work daily with an assigned Jr. Penetration tester in a mentorship capacity. Training, delegating, and overseeing tasks to their assigned Jr. Penetration Tester. Additional requirements for both Jr & Sr roles: . 2+ years conducting vulnerability scanning using network or web application security scanners: NetSparker, HP Web Inspect, BurpSuite, ZAP, Nexpose, Nessus, OpenVAS or similar . 2+ years' experience analyzing and interpreting scan reports and assisting in remediation. . 2+ years' experience with scripting in either Powershell, BASH, Perl, or Python. . 1+ year hands-on in penetration testing or labs (HTB, VulnHub, Mutillidae, Metasploitable will do) . Experience with Windows and Linux Servers (Debian or RHEL) . Familiarity with Kali Linux's command line scanners and tools such as: Nikto, NMAP, NSE, SSLScan, SQLMap, wpscan, droopscan, Metasploit Responsibilities Include: . Being able to work autonomously . Responding to client request though email, call, chat, and ticket requests . Configuring and running web application scans, adding new hosts to weekly and monthly scan lists . Conducting false positive analysis and QA to vulnerability scan reports . Pursuing knowledge and increased familiarity of web application security testing concepts . Security tool development: researching, planning, and implementing new tool features to make security tools more effective and add value for our client . Reading, applying, and documenting web application concepts from books, guides, and methodologies such as: o The OWASP Testing Guide v4 oA Tangled Web A Guide to Securing Modern Web Applications o The Web Application Hackers Handbook . Preparing and Presenting White Papers to other team members . Ability to lead peers while also receiving mentorship and guidance from assigned Senior penetration testers