Web and Mobile Application Penetration Tester

Key Role:

Work with a wide variety of clients to validate security controls around web resources and mobile applications and their backend web services. Work with a team of seasoned security testing professionals to enhance existing service offerings and security testing capabilities, and conduct hands-on technical testing focused on identifying OWASP-type vulnerabilities in both web and mobile applications. Conduct full exploitation and leveraging of access within multiple environments, including Windows and *nix environments. Develop comprehensive and accurate reports and presentations for both technical and executive audiences. Communicate findings and strategy effectively to client stakeholders, including technical staff, executive leadership, and legal counsel. Act as the primary interface and lead for web and mobile application security testing, with teams ranging from 1-3 additional testers, and manage the delivery of staff assignments, as needed. Become part of a team of security enthusiasts that performs cutting-edge research and promotes an environment of innovation and knowledge-sharing. This position is open to temporary remote delivery from any location in the U.S., to include the District of Columbia.

Basic Qualifications:

  • Experience with using, administering, and troubleshooting different Linux versions
  • Experience with working in Windows environments
  • Experience with scripting and editing existing code and programming, including Perl, Python, Ruby, Bash, C/C++, C#, or Java
  • Experience with Burp Suite Pro, including identification and usage of relevant plugins
  • Experience with security assessment tools, including Nessus, Acunetix, Metasploit, or Cobalt Strike
  • Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections
  • Knowledge of application, database, and Web server design and implementation
  • Knowledge of network vulnerability assessments, Web application security testing, network penetration testing, or red teaming
  • Bachelor's degree

Additional Qualifications:

  • Experience with working in a commercial consulting or professional services environment
  • Experience with phishing and other social engineering tactics
  • Experience with using Ubuntu preferred
  • Experience with assembly languages, including x86 or reverse engineering

The proposed salary range for this position in Colorado is 110,000 to 140,000. Final salary will be determined based on various factors.

At Booz Allen, we celebrate your contributions, provide you with opportunities and choice, and support your total well-being. Our comprehensive benefit offerings include healthcare, retirement plan, insurance programs, commuter program, employee assistance program, paid and unpaid leave programs, education assistance, and childcare benefits.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
