Intelliware is a business and technology consulting firm headquartered in Toronto, Canada with a rich history of custom software and product development. We're seeking a highly skilled and experienced Senior Web Application Pentester to support our Cybersecurity Practice and work closely with our Vice President, Technical Operations and CISO. As a Senior Pentester, you will be responsible for identifying and exploiting vulnerabilities in web applications, conducting thorough security assessments, and providing actionable recommendations to enhance our clients' security posture.
Responsibilities:
- Conduct comprehensive penetration tests on web applications to identify security vulnerabilities, including but not limited to injection flaws, authentication and session management weaknesses, cross-site scripting (XSS), and insecure direct object references.
- Utilize both manual and automated techniques to discover, exploit, and mitigate security vulnerabilities.
- Collaborate with cross-functional teams to prioritize and remediate identified vulnerabilities based on risk assessment.
- Develop detailed reports documenting findings, including clear and actionable recommendations for remediation.
- Act as a subject matter expert in web application security, providing guidance and support to both technical and non-technical stakeholders.
Want more jobs like this?
Get Software Engineering jobs in Toronto, Canada delivered to your inbox every week.
‘Must Have’ Skills and Qualifications:
- Minimum of 3-5+ years of experience in web application penetration testing.
- Proficiency in using industry-standard penetration testing tools such as Burp Suite, OWASP ZAP, and Metasploit.
- Extensive knowledge of web application security vulnerabilities and exploitation techniques, including OWASP Top 10.
- Excellent communication skills, with the ability to effectively convey technical information to both technical and non-technical stakeholders.
- One or more relevant certifications such as: Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), GIAC Web Application Penetration Tester (GWAPT)
- Strong understanding of web technologies such as HTML, JavaScript, CSS, and server-side scripting languages (e.g., PHP, Python, ASP.NET).
- Experience with various operating systems, including Windows, Linux, and Unix.
- Experience with cloud platforms such as AWS, Azure, or Google Cloud Platform.
- Familiarity with DevOps principles and practices.
- Experience with mobile application security testing.
- Knowledge of secure coding practices and static code analysis tools
- Degree/Diploma in a relevant field or equivalent practical experience
For more info on Intelliware, check out our Careers Page and Instagram.
Intelliware is committed to diversity in the workplace. We are an inclusive employer and welcome and encourage applications from all qualified candidates. Applicants’ needs will be accommodated during our recruitment and selection process so please advise us if you require accommodation.