Now100
Role Overview
We are seeking an experienced Penetration Tester to perform comprehensive security assessments of our web applications. The goal is to identify vulnerabilities, validate security controls, and provide actionable remediation guidance to strengthen our application's security posture.
Scope of Work
- Conduct scoped penetration testing on designated web applications.
- Identify and exploit vulnerabilities in:
- Authentication and authorization mechanisms.
- Input validation and data handling.
- Session management.
- API endpoints and integrations.
- Business logic flaws.
- Assess compliance with OWASP Top 10 and other relevant security standards.
- Perform manual testing supplemented by automated tools.
- Provide detailed risk analysis and prioritize findings based on impact and likelihood, per Western Union risk rating.
- Deliver a comprehensive report including:
- Executive summary.
- Technical details of findings.
- Recommended remediation steps.
Required Qualifications
- Strong knowledge of OWASP Top 10.
- Common web vulnerabilities (SQL injection, XSS, CSRF, etc.).
- Business Logic flaws in Financial Services Apps.
- Familiarity with secure coding practices and modern frameworks.
- Proficiency with penetration testing tools (Burp Suite, OWASP ZAP, etc.).
- Ability to produce clear, actionable reports for both technical and non-technical audiences.
- Vulnerability report with severity ratings.
Seniority Level
Mid-Senior level
Employment Type
W2 Only
Job Function
Finance