Cloud-Based Web APIs Penetration Testing Support Consultant Job at New Era Technology, San Francisco, CA

  • New Era Technology
  • San Francisco, CA

Job Description

About the opportunity:
New Era Technology is seeking a Penetration Testing Support Consulting Resident to conduct testing for web APIs for indirect object access permissions and controls on AWS. This is a 5-month remote opportunity.

Key Responsibilities
  • Write RSpec tests in Ruby to ensure code quality. 
  • Set up API endpoint calls using Postman or a similar tool for testing purposes. 
  • Create Python scripts for reporting and for triaging issues. 
  • Establish a test environment to confirm test case validity. 
  • Research API endpoint functionality to clarify desired behaviors. 
  • Verify that each API endpoint functions as intended and meets the specified requirements. 
  • Identify the owner of each endpoint by reviewing code and documentation. 
  • Troubleshoot any issues that arise to maintain smooth testing operations. 
  • Analyze test results and diligently report any defects discovered. 
  • Continuously enhance test automation by updating and maintaining the test framework. 
  • Communicate progress and address any issues through regular status reports. 
  • Collaborate with API developers to tailor testing and analysis. 
  • Conduct penetration testing for web APIs for indirect object access permissions and controls on AWS.
  • Document and report detailed penetration testing results, findings and gaps. 
  • Support analysis, recommendations and potential remediation of identified vulnerabilities.
  • Collaborate with related Information Security Trust Assurance and Threat Detection teams to characterize potential security vulnerabilities.
  • Validate and/or enhance testing protocols, tools or scripts to optimize penetration testing processes.
  • Independently handle complex issues with minimal supervision, while escalating only the most complex issues to appropriate staff.
  • Provide guidance and recommendations to stakeholders responsible for security remediation actions to close identified gaps and remediation validation testing.
  • Develop comprehensive and accurate reports and presentations for various consumers of penetration testing results.
  • Develop, extend, or modify exploits, shellcode, or exploit tools.
Required Skills
  • 5+ years experience conducting penetration testing. 
  • 3+ years experience conducting vulnerability analysis. 
  • Test Automation and Frameworks: Proficiency in writing automated tests using RSpec, a testing tool for Ruby. Understanding of test automation frameworks and principles is crucial. 
  • Programming Knowledge: Strong knowledge of Ruby programming language to write tests. Working knowledge of Python and possibly some familiarity with other languages used in the codebase. 
  • API Testing: Experience with API testing tools such as Postman or similar software to create and send requests to API endpoints and analyze responses. 
  • Environment Setup: Ability to set up and maintain test environments, including configuration of databases, servers, and other services that tests depend on. 
  • Troubleshooting: Skills in identifying, diagnosing, and resolving issues that arise during testing. This often requires a good understanding of the system being tested and problem-solving skills. 
  • Version Control Systems: Familiarity with version control systems like Git for searching through code and documentation to identify endpoint owners. 
  • Defect Tracking: Experience with defect tracking and reporting tools to log and manage issues discovered during testing. 
  • Continuous Integration/Continuous Deployment (CI/CD): Understanding of CI/CD principles to integrate automated tests with build pipelines. 
  • Hands-on experience with the following:
      • Scripting Languages (e.g., Python, PowerShell, etc.)
      • Linux Operating Systems
      • AWS Security Services
      • AWS Infrastructure Services
      • Network protocols (e.g., TCP/IP, UDP, ARP, DNS, and DHCP)
      • Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.)
      • Ability to identify and exploit mobile vulnerabilities (API issues, insecure storage, memory corruption, deep links, etc.)
      • Cryptography (e.g., PKI, TLS, etc.)
      • Web Application penetration testing
      • Working knowledge of Identity and Access Management and Authentication Protocols including Active Directory and Entra ID
  • Familiarity with the following:
      • Windows Operating Systems
      • Source code vulnerability analysis
Preferred Skills
  • Taking initiative and being proactive 
  • Excellent interpersonal communication skills with strong spoken and written English. 
  • Collaborative team worker – both in person and virtually using MS Teams or similar. 
  • Excellent analytical skills. 
  • Organizational skills with attention to detail. 
  • Ability to leverage existing documentation. 
  • Excellent documentation skills; demonstrated proficiency in Microsoft Office including Word, Excel and PowerPoint. 
  • Business outcomes mindset. 
  • Solid balance of strategic thinking with detailed orientation. 
  • Self-starter, ability to take initiative. 
  • Flexibility to accommodate working across different time-zones. 
Required Education
  • Bachelor's degree (BA/BS) from a four-year college or university; or equivalent training, education, and work experience. Cybersecurity certifications such as EC-Council CEH, CISSP, CISM are a plus.
About Us:
New Era Technology is a community of like-minded, like-hearted people who share the same vision and values: Community, Integrity, Agile, and Committed.

These visions and values tie into our daily work, to serve as a trusted technology adviser to our customers. Often a single project leads to a long-lasting partnership where we have the continued privilege of helping our customers deliver valuable technology solutions that improve efficiencies and experiences to their employees and customers.

EEO Statement:
New Era Technology is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, marital status, national origin, genetics, disability, age, or veteran status. 

 


Job Tags

Work experience placement, Remote job
