Web Application Assessor

Web Application Assessors should have deep technical expertise in the processes, procedures, tools and methodology for assessing modern web applications. This role requires someone who can think and work independently to assess the risk of Parameter Security’s clients. Parameter Security assessors strive to investigate client networks and applications beyond what automated tools can discover.

Assessors are expected not only to test and assess client web applications but also to articulate any vulnerabilities/issues to clients via written and oral reports and presentations. Assessors will be required not only to demonstrate to clients that a vulnerability exists but also to provide information that helps clients understand the impact to their systems and networks.

Responsibilities of a Web Application Assessor at Parameter Security

  • Handle the configuration, use, and technical troubleshooting of all security testing tools, including creating customized configurations and scripts as needed to complete testing engagements.
  • Work with application stakeholders to determine assessment scope, process, and goals.
  • Validate, analyze, and enrich results generated by automated testing tools. Parameter provides value add to our clients by assigning appropriate risk ratings for automated/manual findings. Assessors are expected to be able to critically analyze vulnerabilities and determine appropriate risk ratings. Example activities include the identification of false positive findings and adjustment of finding severities based on system-specific considerations and/or business logic.
  • Discover and exploit vulnerabilities manually.
  • Participate in findings meetings to review and provide input on the validity of system stakeholder responses to findings.

Qualifications of a Web Application Assessor at Parameter Security

  • At least 2 years of experience performing web application penetration assessments in a professional role
  • Intricate technical knowledge of WAFs, Load Balancers and the complications they can induce in application tests
  • Ability to test web technologies (e.g. web applications, containers, container managers, API endpoints, etc.)
  • Deep knowledge of the OWASP Security Assessment Methodology.
  • Ability to test beyond the OWASP Top 10 for web applications
  • Understanding of SDLC practices.
  • Excellent verbal and written communication skills for preparing and presenting recommendations to senior management, development staff, and executives
  • Ability to present complex technical concepts in business terms, both verbally and in writing
  • Pen testing certification (OSWE, GWAPT, OSCP, EWAPT, EPPT) preferred. Certification could be waived for candidates with appropriate experience.
  • Distraction-free work environment with a stable high-speed internet connection.

Want to team up with Parameter Security?

Please provide your information in the form below and we’ll reach out. Let’s manage risk together!