ExpenseAnywhere Corporation
Website: expenseanywhere.com
Job details:
We are seeking a Senior Penetration Tester with 7–10 years of experience in offensive security and security testing to lead advanced penetration testing and security assessment initiatives. The role involves identifying vulnerabilities across web applications, APIs, networks, cloud environments, and enterprise systems, while working closely with engineering, DevOps, and infrastructure teams to strengthen the organization’s overall security posture.
- Candidates with performance testing experience using JMeter will be given priority.
Key Responsibilities
- Conduct penetration testing for web applications, APIs, networks, and cloud environments.
- Identify and exploit vulnerabilities including SQL Injection, XSS, CSRF, IDOR, SSRF, and authentication flaws.
- Perform internal and external network security testing, vulnerability scanning, and exploitation.
- Assess cloud security for AWS, Azure, and GCP environments.
- Execute red team exercises and threat simulations to evaluate security defenses.
- Prepare detailed vulnerability assessment reports with remediation recommendations.
- Collaborate with QA, DevOps, and development teams to address security issues.
- Mentor junior security engineers and support security best practices.
- Conduct performance and load testing using Apache JMeter (preferred).
Required Skills
- Strong knowledge of OWASP Top 10, SANS Top 25, MITRE ATT&CK, and PTES.
- Hands-on experience with tools such as Burp Suite, Metasploit, Nmap, Nessus/OpenVAS, SQLMap, Wireshark, Nikto.
- Experience in Active Directory security testing, privilege escalation, and network security.
- Knowledge of container security (Docker/Kubernetes) and cloud security concepts.
- Proficiency in scripting languages such as Python, Bash, PowerShell, or JavaScript.
Experience
- 7–10 years of experience in penetration testing, ethical hacking, or security testing.
- Experience with enterprise-level security assessments and red team engagements.
- Exposure to DevSecOps and security testing in CI/CD pipelines is a plus.