Most recent job postings at Burp suite
via Salary.com schedule_type: Full-time work_from_home: 1
Job Description

We have a new project we’re looking to find a consultant for: Burp Suite SME...
Length: 6 months

REMOTE

Client based in EST timezone

Consultant to perform the following work:
• Deployment and configuration of Burp Suite Enterprise.
• Administration & operationalization of Burp Suite Enterprise to automate scanning of the customers critical web applications.
• Work can be performed remotely.

• Dice Id: 10240726
• Position Id: 7808066
via CareerBuilder posted_at: 6 days ago schedule_type: Full-time
Skill & Roles:

• Working experience and good hands-on understanding of Dynamic Application Security Testing (DAST) and API security testing...
• In-depth knowledge of vulnerability assessment tools (AppScan, Burp Suite, Postman)
• Working experience and good hands-on understanding of application penetration testing
• Solid foundation of common software vulnerabilities and their remediation/mitigation techniques
• Working knowledge of regulatory and industry security standards
• Working knowledge of vulnerability assessment using industry best practices such as OWASP Top 10, CWE/SANS Top 25 standards
• False positive analysis to verify vulnerabilities
• Review emails and associated Jira tickets for new scan or re-scan requests
• Execute the automated scan, utilizing AppScan Std.
• Perform specific manual scans using Burp Suite, Postman, Nmap or Fiddler or similar tools
• Issue the report to development, after all vulnerabilities have been entered into Jira
• Review and understand any vulnerabilities that are present against the application requesting support
• Demonstrate security testing results, explain the threat presented by the results, and consult on remediation/mitigation

Additional roles for the lead:

• Co-ordinate and follow up with application developer teams and security testing teams
• Capable of analyzing customer requirements and designing/implementing per project-defined process

Tool:

Jira, AppScan, Burp Suite, Postman, Nmap or Fiddler or similar tools
via Upwork posted_at: 24 days ago schedule_type: Contractor work_from_home: 1
Hi, I need someone to connect on my TeamViewer and set up Burp Suite with Genymotion to intercept Android apps.

I am able to intercept browser requests but not apps. I think you would have to install the Burp Cert on system...

job need to be done in next HOUR

budget is 60
via ZipRecruiter schedule_type: Full-time
o Familiarity with proxy tools (Burp Suite/ZAP)

o Understanding of OWASP Top 10/NIST Standards...

o Nice to have - SANS or Offensive Security certifications (OSCP/OSWA), Experience with Hack the Box, CTFs, and/or PortSwigger Academy

o 3-5+ years experience with pen testing, especially mobile/web applications
via Lever schedule_type: Full-time
Location: Reston VA, or Full-time REMOTE

Category: Technology...

Schedule (FT/PT): Full Time

Travel Required: N/A

Shift: Standard business hours, main working hours are on EST

Potential for Telework: Yes

Clearance required to start: None

Citizenship: US Citizen (non-dual citizenship)

MelkoTech is looking for a candidate who will lead hunts for vulnerabilities that could lead to a data breach or IT disruption, to improve the information security posture and reduce the likelihood of disruptive cybersecurity events.

Responsibilities:

- Extensive knowledge of NIST RMF framework and security controls; integrations testing;

- Certifications and accreditation (C&A) and/or assessment and authorization (A&A);

- Responsible for examination and assessment over organization’s information technology infrastructure, policies and operations;

- IT concepts used in the evaluation of security performance and integrity of state-of-the-art applications, communications systems, hardware, software, and information processing systems;

- Provide technical leadership for a penetration testing team in support of a federal civilian client;

- Perform external and internal penetration tests using industry standard tools such as Metasploit, CoreImpact, Nmap, Burp Suite etc.

- Develop custom scripts or tools used for vulnerability scanning and identification as part of penetration testing and red teaming tests in the performance of penetration testing;

- Identification of system software and configuration vulnerabilities and critical information, data and processes that must be protected;

- Perform mobile application penetration testing;

- Support source code reviews in C/C++, C#, VB.NET, ASP, PHP, or Java to identify security vulnerabilities;

- Recommend remediation actions to mitigate valid findings;

- Understanding of FISMA, PCI, and Federal Risk and Authorization Management Program (FedRAMP) programs and penetration testing requirements associated with them;

- Support technical assessments of IT systems to include web applications, application servers, web servers, access control, and databases;

- Conduct automated testing of web applications and APIs for susceptibility to SQL injections, command injections, Cross-Site Scripting, and Cross Site Request Forgery vulnerabilities using commercial and open-source tools: OWASP ZAP, Burp, HCL AppScan;

- Conduct automated vulnerability scanning against supporting infrastructure components using commercial and open-source scanning tools: nikto, nessus, nmap, and metasploit;

Basic Qualifications:

- BS and 8+ years of FISMA and auditing related experience required;

- Bachelor's degree in Engineering, Computer Science, or related field of study preferred;

- 8+ years of experience as Audit Specialist;

- Conducting/leading web penetration tests and vulnerability assessments;

- Experience collaborating with Federal Agencies to mature operational processes, reduce redundancies, and develop innovative solutions

- Perform external and internal penetration tests using industry standard tools such as Metasploit, CoreImpact, Nmap, Burp Suite etc.

- Ability to develop custom scripts or tools used for vulnerability scanning and identification as part of penetration testing;

- Understanding of cloud computing models, technologies and concepts;

- Ability to perform red teaming tests in the performance of penetration testing;

- Proficient in mobile application penetration testing;

- Proficiency with at least two scripting languages (e.g. Python, Bash, JavaScript, PowerShell);

- Have experience with any of the following: Windows and Linux based operating systems, TCP/IP ports, Active Directory, DNS, DHCP, switch/router configuration;

- Strong written and verbal communication skills, strong analytical skills and ability to work both independently and collaboratively.

Certification : CISSP; CISA; or FITSP-Auditor (FITSP-A
via Marietta, GA - Geebo posted_at: 4 days ago schedule_type: Full-time salary: 20–28 an hour
Oversee Qualys Web Application Scanning (WAS) self-service security scanning solution for the application development community.
Assist development teams in effectively utilizing Qualys WAS to run authenticated discovery/vulnerability scans using custom login scripts and Selenium IDE.
Provide remediation guidance and direction to developers on resolving vulnerabilities identified by Qualys WAS... (XSS, SQL Injection, other OWASP Top 10 vulnerabilities.)
Maintain audit records for identity and access management purposes on access to Qualys WAS.
Utilize Tableau and Splunk to provide metrics benchmarking the success of rolling out Qualys WAS to the AppDev community globally.
Availability to work occasional off-hours to complete assessments tied to meeting critical business objectives.
Required Candidate Qualifications
Bachelor's Degree in Information Security, Computer Science, I.T., I.S., Engineering, Analytics or equivalent.
Hands on technical experience with dynamic application security testing (DAST) and/or static application security testing (SAST) tools (IBM AppScan Standard, HPE Fortify SCA, Burp Suite Pro).
In-depth knowledge of Qualys and related modules offered (Vulnerability Management, Malware, WAS, etc.)
Experience in deploying and supporting physical/virtual scanning appliances in enterprise environments.
Deep analytical skills, strong out-of-the-box thinking.
Ability to effectively perform detailed-oriented technical information security work on a full-time basis.
Excel independently in a fast-paced environment.
Effective oral and written communication skills.
Security Tools Experience: IBM AppScan, Fiddler, Burp Suite Pro, Fortify SCA, SoapUI
NO THIRD PARTIES, NO SUB-CONTRACTORS, NO CORP to CORP
Data Resource Technologies Inc. is an Information Technology Staffing Firm serving the markets of the United States of America; the greatest country in the world.
We work with Direct Clients Only and do not participate in multi layer contracts.
Earn The Most Possible and put over 60 years of Information Technology Industry experience to work for you today, Call or Apply NOW!!!.
Estimated Salary: $20 to $28 per hour based on qualifications
via Dice posted_at: 1 day ago schedule_type: Contractor
Role: Pen Testing (Manual + Automation) Location: Austin, Texas, US Duration: Long Term

Description...

Security Engineer requirement. This is with automated vulnerability testing using Burp Suite Pro. This one has 4 positions. More details on the skills/JD are below.
Must understand all aspects of security engineering. Should be able to:
Identify vulnerabilities through test, system design review or code analysis;
Explain how a vulnerability exploitation works and root cause;
Recommend secure solutions and mitigations, tailored to each environment.
Have strong communication skills (Written/Verbal)
Must be able to work through a project from Mobilization to Testing/Validation phases
Understanding of QE/QA process
Strong Documentation capabilities
Security Tools required for testing, i.e. Burp Suite Pro
via Glocomms posted_at: 22 days ago schedule_type: Full-time
I'm working with a leading professional services company who is looking to bring on a Penetration Tester to their security team. In this role you will work with a variety of clients to validate their security controls and incident response through offensive security operations including Red and Purple teaming. The team consists of security testing professionals and your objective is to enhance... existing security testing capabilities and conduct hands on technical testing with a focus on detection and response. You will be applying security testing and penetration testing techniques to a wide range of projects all while developing comprehensive and accurate reports and presentations for both technical and executive audiences.

This is a great opportunity to gain amazing experience with a well-known company in the professional services space.

This role is a hybrid opportunity located in Mclean, VA and compensation for the role ranges from 105K -115K base.

Qualifications
• 1 + years of experience with Offensive Security Testing
• Experience working in a Windows environment and with Active Directory
• Experience with Scripting using Perl, Python, Ruby, Bash, C/C++, C# or Java
• Experience with Security Assessment tools such as Nessus, Metasploit, Burp Suite Pro, Cobalt Strike, Sliver, Havoc, or Covenant
• Experience working in AWS cloud environments
• Experience with Network Vulnerability Assessments, Web Application Security Testing, Network Penetration Testing or Security Operations

If this sounds like a good fit for you, apply now
via SmartRecruiters Job Search schedule_type: Full-time
Job Description

Security Application Engineer...

Seattle (Bellevue, WA)

Long Term Project

Need GC and USC

Must have IBM App Scan, Fortify, BURP Suite, Kali Linux, SOAP UI, Application Test, Penetration Test expertise

Top Three Skills:

1) IBM App Scan

2) Web Services Tools (SOAP UI, BURP Suite, Kali Linux)

Job Description:

Security team is seeking an enthusiastic Security Application tester who will test applications for security compliance. The successful candidate will have experience with Enterprise Applications and Information Security. The scope of applications to be tested is software used to run its business, not software which is sold or provided to end customers. The types of applications range from web services to line of business applications to mobile or cloud applications. Candidates will be responsible for ensuring all applications meet enterprise minimum security specifications and escalating potential deviations when they do not. Being able to communicate clearly, establish partnerships with team members and stakeholders, and potentially offload portions of the work to staff augmentation resources will be required.

Essential Functions

• Perform security, compliance, and risk assessments on projects throughout project lifecycle using sdlc, waterfall or rup methodologies

• Support information security review of new technologies, designs, and remediation planning efforts

• Investigates and identifies security needs & recommends plans/resolutions. Implements, tests & monitors info security improvements.

• Maintain visibility inside & outside of info security, interfacing with groups such as billing ops, application support, engineering ops, finance, legal, privacy, risk management, etc.

• Support info security policy lifecycle throughout, including intake, creation, review, approval, implementation, publishing, communication & maintenance

• Supports security projects driven by groups both internal and external to info security

• Experience with static and dynamic vulnerability identification using industry leading scanning tools and manual code reviews

• Experience with the Top 10 OWASP (Open Web Application Security Project) vulnerabilities (most critical web vulnerabilities) and how to identify and remediate them

• Solid understanding of Information Security in general and the specific behaviors that would secure Intel's information assets

• Ability to translate Information Security policies and procedures into language that a business and/or technical person can understand; and ability to effectively communicate with both non-technical and technical people

• Strong problem solving with the ability to methodically and objectively analyze and resolve Information Security challenges

• Ability to work well inside and outside the team. Exchanging ideas, knowledge, experience and thoughts can boost the quality and the efficiency of the solution, so great testers must always be eager to coordinate well with their team members and other teams as well.

• Great stakeholder management skills and experience due to the escalation process

Additional Information

If you are interested in the below position please forward your profile to preethib@usmsystems(dot)com or call me on 703 468 0398