Junior Application Security Penetration Tester (1)
Join us at Sparksoft, where we're not just another tech company—we're a catalyst for change. Our mission isn't just to offer IT solutions; it's to revolutionize the way you work. Here, passion isn't just a buzzword; it's the fuel behind groundbreaking ideas and transformative technologies. We serve a wide range of government clients, delivering impact that's felt across the nation.
Our true strength lies in our people. They're the problem-solvers and innovators consistently delivering extraordinary outcomes. With Sparksoft, you're not stepping into a routine job; you're joining a team committed to innovation and excellence. Our innovation extends beyond just delivering projects. Through our specialized Innovation Centers, we continuously refine our methods, ensuring we remain industry leaders.
We are Sparksoft!
ROLE & RESPONSIBILITIES:
- As a Junior Application Security Penetration Tester, your primary mission is to help safeguard our digital assets by identifying and mitigating vulnerabilities in our web applications and RESTful APIs. You will work closely with development and security teams to ensure our software is resilient against modern cyber threats.
- Perform hands-on security evaluations of web applications and APIs, guided by industry-standard frameworks such as OWASP Top 10 and SANS CWE Top 25.
- Simulate real-world attack scenarios to uncover potential weaknesses in application logic and implementation.
- Conduct both manual and automated reviews of source code, primarily in Java and Scala, to detect security flaws.
- Use static and dynamic analysis techniques to identify issues early in the development lifecycle.
- Detect and document common vulnerabilities including Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), and Privilege Escalation.
- Analyze the root causes of these vulnerabilities and assess their potential impact.
- Provide clear, actionable recommendations to developers and stakeholders for fixing identified vulnerabilities.
- Support teams in implementing secure coding practices and validating fixes.
- Leverage tools such as BurpSuite Pro for dynamic application testing and Postman or Bruno for API security testing.
- Stay updated with the latest tools and techniques in the penetration testing landscape.
- Prepare detailed, well-structured reports that outline findings, risk levels, and suggested mitigations.
- Communicate technical issues in a way that is understandable to both technical and non-technical audiences.
- Work closely with software engineers, architects, and QA teams to integrate security into the software development lifecycle.
- Participate in discussions to align security requirements with business goals.
- Contribute to architectural and design reviews from a security perspective.
- Help shape secure design patterns and influence secure software architecture decisions.
REQUIRED EXPERIENCE:
- Strong understanding of OWASP Top 10 and SANS 25
- Proficiency in vulnerability assessment and code review techniques
- Experience with static, dynamic, and penetration testing of web applications and APIs
- Familiarity with secure coding practices and DevSecOps principles
- Ability to analyze and interpret scan reports from SAST, DAST, and SCA tools
- Basic scripting skills for tool integration and automation
- Excellent communication skills for report writing and stakeholder interactions
- 2-3 years of experience in application security, including:
  - Secure code review (Scala, Java, JavaScript, Spring Framework)
  - Static and Dynamic Analysis Security Testing (SAST and DAST)
  - Manual penetration testing of Web Applications and REST APIs
- Working knowledge of CI/CD processes, AWS security principles, Jenkins, and GitHub
- Proven ability to work independently and as a team member
- Strong organizational, attention-to-detail, multi-tasking, and time-management skills
- Candidates must be able to obtain and maintain a Public Trust clearance
- Candidates must have lived in the United States 3 out of the past 5 years
PREFERRED EXPERIENCE:
- N/A
EDUCATION & CERTIFICATIONS:
- Desired Certifications: GPEN, GWAPT, OSCP, or CompTIA PenTest+ (not required but beneficial)
- A bachelor’s degree in Computer Science, Information Technology, or a related field is required, or an equivalent combination of education and experience.
If you need accommodation seeking employment with Sparksoft Corporation, please email Sparksoft.Accommodations@sparksoftcorp.com or call 410-424-7700. Accommodations are made on a case-by-case basis.
At Sparksoft Corporation, we take security and protection of personal information very seriously. We will never ask you to send private personal information over email. Accordingly, we ask you to immediately contact our security team via email at abuse@sparksoftcorp.com upon receiving a suspicious request.