Senior Web Application Penetration Tester

<p>We are seeking a<strong> Senior Web Application Penetration Tester </strong>to join our growing team. As a Senior Web Application Penetration Tester, you will be challenged to perform endpoint discovery, open source research, web application enumeration, and novel vulnerability analysis/exploitation. This is much more than Burp scans; operators routinely develop custom tooling (in languages such as PHP, Java, and Python) and achieve a deep understanding of target infrastructure/technology in exploitation paths. The assessments are usually a long haul and great for advanced bug bounty hunters who enjoy getting deep in the weeds. Some cloud/Active Directory experience is a plus for post exploitation activities. </p> <p>This role resides in our Delivery Department<strong> </strong>and reports to our VP of Cyber Operations. This position is remote with a 10% travel requirement.</p> <p>SIXGEN supports cyber and intelligence missions by serving government and commercial organizations as they overcome global cybersecurity challenges. Our highly skilled operators conduct research and assessments based on real-world threats. We simulate adversaries and malicious actors to report details and actionable findings on critical assets and infrastructures. Our program planners advise mission owners to bring rapid solutions to intelligence mission leaders. Using innovative processes, tools, and techniques, we predict and overcome cybersecurity vulnerabilities. Our successes are supported by our diverse team of experienced, technical talent. SIXGEN is growing our support to mission by adding an ambitious Strategic Management Consultant to our team. SIXGEN, Inc. is an Equal Opportunity/Veterans/Disabled Employer.</p> <p><strong>Core Responsibilities:</strong></p> <ul> <li>Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs.</li> <li>Collaborate with team members and clients to define project scopes, business cases, review test results, and determine remediation steps.</li> <li>Analyze security findings, including risk analysis and root cause analysis.</li> <li>Draft reports and communicate complex security concepts and test findings to clients and stakeholders.</li> <li>Participate in client meetings, communicate clearly and openly on incremental progress, and inform the team of any help needed on impediments and roadblocks.</li> <li> <div class="IiQJ2c"> <div class="nDgy9d">Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigation.</div> </div> </li> </ul> <p><strong>Required Skills and Experience:</strong></p> <ul> <li>Ability to participate in cybersecurity control testing engagements for the customer's network, websites, apps and cloud technologies.</li> <li>5 years of Web Application Penetration Tester experience. </li> <li>OSCP, OSWA, OSWE, CRTO, CBBH, GWAPT, or other relevant, hands-on certification. OSCP preferred. </li> <li>Must have experience in web application penetration testing.</li> <li>Knowledge of FISMA and NIST 800 series standards.</li> <li>Experience in network mapping, vulnerability scanning, and penetration and web application testing.</li> <li>Experience using approved test protocols and procedures to conduct network and application-level penetration tests.</li> <li>Experience attending client meetings, recording internal and technical client interviews and preserving the contents of reports and memoranda.</li> <li>Proficiency in using scanning tools like Nessus and NMap, as well as penetration tools like the Kali Linux suite, Burpsuite and Metasploit.</li> <li>Must be willing to travel as needed.</li> <li>Must be able to obtain Secret Clearance.</li> <li>Experience in script writing and crafting of payloads.</li> </ul> <p><strong>Additional Details:</strong></p> <ul> <li><strong>Job Location: </strong>Maryland, Northern Virginia, remote </li> <li><strong>Clearance Requirement: </strong>Must be able to obtain Secret Clearance</li> <li><strong>Travel: </strong>Up to 10%</li> </ul> <p><strong>Compensation & Benefits</strong></p> <ul> <li>Competitive salary</li> <li>Employer-paid health insurance premiums (medical, dental, vision)</li> <li>Employer-paid short/long term disability insurance and basic life/AD&D insurance</li> <li>401K with a 4% employer contribution</li> <li>Professional development reimbursement options available (training, certification, education, etc)​</li> <li>Flexible and remote work policies for most positions</li> <li>Paid Time Off (PTO) at a rate of three (3) weeks plus one (1) day per year of service up to four (4) weeks annually</li> <li>11 paid holidays per calendar year​</li> </ul> <p>At SIXGEN, we are committed to fair and equitable compensation practices. The anticipated salary range for this role is $100,000 - $135,000 per year, depending on experience and qualifications. This range reflects our compensation philosophy, which takes into account various factors including the candidate's relevant experience, education, skills, LCATs rates and position level, and market competitiveness. In addition to base salary, employees may be eligible for other forms of compensation to include our growth incentive program, incentives and benefits. The final salary offer will be determined after a thorough review of the candidate's background and alignment with the role. Please note that this range is subject to change and should be considered as a guideline rather than a definitive figure.</p> <p>We are committed to fostering an inclusive culture that values diversity in our people, reflecting the communities we serve and our customer base. We strive to attract and retain a diverse talent pool and create an environment where everyone is empowered to be their authentic selves at work.</p> <p>SIXGEN is an Equal Opportunity Employer. We ensure that all applicants are considered for employment without regard to race, color, religion, sexual orientation, gender identity, national origin, disability, age, marital status, ancestry, projected veteran status, or any other protected group or class.</p>

Back to blog

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...