Senior Offensive Security Consultant - Web App/API
Requirements
Must have:
- Minimum of 6-8 years in hands-on manual web application and API penetration testing across diverse technologies
- Strong understanding of web application and API security testing tools
- Relevant industry certification (e.g., OSWA, BSCP, ASCP, etc.)
- Proven capability to create custom tooling in Python, Bash, or similar languages
- Excellent troubleshooting skills
- In-depth knowledge of industry-standard penetration testing frameworks and methods (e.g., PTES, OWASP, MITRE ATT&CK)
- Strong organizational abilities and capability to deliver with minimal oversight
- Exceptional professionalism along with effective communication and writing skills
- Ability to manage multiple tasks without compromising deadlines or quality
- Basic project management skills, including following established processes, identifying risks, and self-management abilities
- Capability to conduct assessments as outlined in project plans, adhering to budgets and timelines
Responsibilities:
- Execute web application and API penetration testing utilizing various manual techniques and tools
- Create custom proof-of-concept exploits and tools when automated solutions fall short
- Generate clear and thorough technical reports and executive summaries that identify vulnerabilities, their business impact, and remediation strategies
- Keep up to date with emerging threats, TTPs, and cybersecurity advancements
- Contribute to the enhancement of HALOCK's penetration testing framework, deliverables, custom script development, and ongoing research
- Engage actively in project kickoff and report delivery meetings
- Maintain professional standards in both client-facing and internal communications, ensuring preparedness and responsiveness throughout engagements
Company:
Since our inception in 1996, HALOCK Security Labs has established itself as a respected authority in cybersecurity, assisting organizations in understanding and reducing their material hazards through effective Cybersecurity Governance. With over 500 clients, we specialize in a range of services including Penetration Testing, Incident and Breach Response, PCI QSA, ISO 27001 implementation, and our distinctive Duty of Care Risk Analysis (DoCRA) methodology. We have also developed innovative solutions for risk management such as the CIS Risk Assessment Method and the Reasonable Risk SaaS platform. We are committed to helping our clients achieve tailored security that aligns with their unique risks while reaching their operational objectives. This full-time, remote position for a Senior Offensive Security Consultant offers a competitive pay range of $130,000.00 - $165,000.00 per year, alongside benefits like a 401(k) plan, health insurance, paid time off, and opportunities for professional growth.