Sr. Application Security Consultant (MUST BE A US CITIZEN.)
Lets cut to the chase: If you like to get your hands dirty, find 0-day on web apps and products every day, smash mobile apps like taters, think of API's as ( Always Pwning Infrastructure) and overall are willing to take the pepsi challenge vs any other app tester out there, Let's chat!
As a boutique Security consulting organization, we pride ourselves on the work we do and the clients we have as partners. Every member of the company delivers on the services we provide and we have an EXTREME sense of pride and unity as a team. Everyone has a specialty, but at LARES, we strive to develop every member to the fullest of their potential. We expect all engineers to expand their skill set in ALL disciplines and frown on the “rat holed" approach that many companies take with their talent. We are looking for engineers with talent in the following area, but our most important requirement is that if you apply, you are ready to join a TEAM!
SENIOR Application Security Consultant / Engineer:
Do you feel most at home with a browser and a proxy at your fingertips? Do you feel like scanners are just to catch the low hanging fruit and that the real findings are left for the real testers? Have you tested hundreds of applications and still want more? If this describes you, you’re in luck! We are looking for an experienced developer/application security tester to join our team of highly skilled penetration testers.
If you feel most at home with a scanner and manually following up on those vulnerabilities, this is NOT the kind of job we are offering.
The ideal candidate will have the following at a MINIMUM:
Three (3) years experience exclusively performing application security testing/code review or five (5) years mixed experience performing application security assessments, code review, and software development.
- Advanced ability to detect, define, exploit, and remediate OWASP top 10 vulnerabilities without the use of a vulnerability scanner (a browser, a proxy, an editor, and YOU)
- Extensive experience/expertise in the use of Burp, Zap, etc
- Experience in use of Source Code scanners (Veracode, Fortify, Sentinel, Checkmarx, AppScan Source, etc) and the ability to manually validate findings/eliminate false positives
- As much as we do not lean on scanner and use them sparingly during testing, experience with the use of various web application vulnerability testing suites is expected (Netsparker, AppScan, WebInspect, Acunetix, etc)
- Intermediate knowledge of Web Services technologies such as XML, JSON, SOAP, REST, AJAX, etc
- Programming experience in two of the following languages: C#, Java, Python, Ruby
- Experience with Enterprise Java or .NET web application frameworks
- Database knowledge in SQL,MySQL Oracle, etc
All of our consultants, whether working onsite with a client or remotely, are expected to treat clients with respect. Our clients are our partners and we are an extension of their team, whether that is for a single engagement or as part of a multi-year engagement. Every position at LARES is a client-facing one, so you need to be able to write reports, communicate ideas, answer questions, and otherwise interact with clients in a respectable manner. If you think clients are dumb and their code sucks (even if it does), this is not the right place for you
NICE TO HAVE…
Know your way around the common professional exploitation frameworks ( Core Impact, Canvas, Metasploit) and have a strong working knowledge of exploitation outside of the typical "click to exploit" type of testing.
TO BE CLEAR:
WE ARE NOT ASKING IF YOU CAN SCAN SOMETHING AND ONLY ATTEMPT AN EXPLOIT THAT IS IN MSF/CORE/CANVAS.
You should have a full working knowledge of KALI Linux or other testing distributions and most of the tools within. Experience penetration testing as a consultant is preferred. We believe that writing reports is just as important as finding the flaws, so you should be able to communicate professionally and write good reports
Certs that are nice to have:
CISSP, CISA, OSCP, OSWP, OSCE, OSEE, OSWE, ANY of the GIAC certs, CEH, LTP...etc
Although certs are nice, you don’t need to have them. As long as you can PROVE your skill, certs are just paper.
Greater Denver Area (Downtown)
Greater Atlanta Area (Peachtree Corners)
Full REMOTE – If you’re the right person, you can work anywhere in the mainland US that has fast internet and is near an airport.
** If you'd rather have the option to come to the office but aren't currently local we are happy to talk about relocation possible for the right candidate**
Candidates can work directly with partners and senior members of the team
If you are looking for a straight 9-5 job, you’re probably better off looking elsewhere. We work hard and play even harder. We expect you to live your life and enjoy it, but we also want you to have just as much fun working with the team and our list of clients. We are a family and treat each employee AND client as a member of that family. We also have our own families and understand that work life balance is essential to the health of our teammates. Beyond being conscious of that balance, Lares provides Unlimited PTO, 100% Paid employee healthcare, Referral bonuses on all work generated by employee sales efforts, ample research time, conference support and much more.
We strongly support community involvement and our team members regularly speak at conferences around the world. Our engineers have time in their schedule dedicated to research and teaching/speaking. Yearly trips to conferences and classes are encouraged.
Salary commensurate with experience.
But for the sake of putting down a number 120,000-180,000k +/-
If you’re still reading and interested, please send over a resume and a note explaining why you think you would be a good fit.
jobs *(AT)* Lares ***DOT**com
Job Type: Full-time
Salary: $125,000.00 to $180,000.00 /year
- Security Consulting: 3 years (Preferred)
- BurpPro: 4 years (Preferred)
- App Vuln Scanning Tools: 3 years (Preferred)
- Fuzzing: 3 years (Preferred)
- Source Code Review (Manual): 3 years (Preferred)
- API Assessment: 3 years (Preferred)
- Fully Remote
- One location
- On the road
- Health insurance
- Dental insurance
- Vision insurance
- Paid time off
- Flexible schedule
- Parental leave
- Relocation assistance
- Professional development assistance
This Job Is Ideal for Someone Who Is:
- Innovative -- prefers working in unconventional ways or on tasks that require creativity
- Achievement-oriented -- enjoys taking on challenges, even if they might fail
- Adaptable/flexible -- enjoys doing work that requires frequent shifts in direction
Company's Facebook page: