Job
Description
As an experienced application penetration tester at RSM, you will be a key member of the Security and Privacy Risk Consulting group. Your role will involve conducting manual and automated security assessments to identify vulnerabilities and potential security risks for our clients" critical systems and data. You will play a critical role in helping clients prevent, detect, and respond to security threats effectively. **Responsibilities:** - Perform security assessments, including static and dynamic application security testing - Conduct manual penetration testing on web applications, network devices, and other systems - Collaborate with clients across various technology stacks and services, including cloud platforms and development technologies - Develop, enhance, and interpret security standards and guidance - Demonstrate and promote security best practices, including secure development and cloud security - Assist in developing remediation recommendations for identified findings - Clearly articulate findings to senior management and clients - Identify improvement opportunities for assigned clients - Stay updated with the latest security trends, technologies, and best practices - Work collaboratively within a team to deliver successful outcomes - Supervise and provide engagement management for other staff working on assigned engagements **Qualifications:** - B.Tech in Computer Science, Engineering, or related field or equivalent work experience - Expertise in web security with knowledge of vulnerabilities and the ability to exploit them effectively - 5+ years of experience in code review, application security testing, or web application development - Excellent written and verbal communication skills - Strong scripting skills (e.g. Python, Ruby, Perl) - Experience with cloud platforms like AWS and knowledge of cloud security best practices - Familiarity with development technologies such as Docker, CDK, Terraform, Java, Python, React, GraphQL, Javascript, JSON, REST, etc. - Integrity, confidentiality, and adherence to company policies and best practices - Technical background in application development, networking/system administration, security testing, or related fields - Experience with static application security testing (SAST) and dynamic application security testing (DAST) using various tools and techniques - Preferred certifications: Offensive Security Web Assessor (OSWA), Offensive Security Web Expert (OSWE), Offensive Security Certified Professional (OSCP), Burp Suite Certified Practitioner, or AWS Certified Security Specialist At RSM, we provide a competitive benefits and compensation package, along with flexibility in your schedule to balance work and personal life. If you are passionate about cybersecurity and want to work in a dynamic environment with diverse clients, RSM is the place to be.,
