Penetration Tester at Unisys - QATestingJobs.com

Role & seniority: Senior Pentester / AppSec Engineer

Stack/tools: Burp Suite and other proxy tools; SAST/DAST/IAST; AWS; CI/CD (Jenkins, GitLab); GenAI tools; security tooling for IaC and secrets detection

Top 3 responsibilities

Conduct security assessments and manual penetration testing; evaluate vulnerabilities and remediation options
Integrate security practices into the SDLC and DevSecOps pipelines; support tooling, automation, and code review scale
Triage and remediate findings from SAST/DAST/IAST; maintain security documentation, policies, and training materials

Must-have skills

5+ years in cybersecurity and application security
Familiarity with SAST, DAST, IAST; strong OWASP knowledge
Understanding of AWS; proficiency in at least one language (Java, Python, JavaScript preferred)
Experience with CI/CD tools (Jenkins, GitLab)
Ability to communicate security issues to developers and assurance engineers
Knowledge of security engineering, cryptography, and network/system security

Nice-to-haves

Certifications: GWAPT, OSWE, Burp Suite Certified Practitioner
Software development background
Experience with training material development and security awareness programs
Familiarity with GenAI tools and emerging security technologies

Location & work type: Rockville, MD or Tysons Corner, VA; Long Term (on-site involvement expected)

Full Description

Role: Sr. Pentester / AppSec Engineer

Location: Rockville, MD or Tysons Corner, VA

Duration: Long Term

Description

Plan, coordinate and implement application security practices in each phase of software development life cycle though testing, remediation support, tool evaluation, etc.
This role involves in evaluating security vulnerabilities, security tools, implementing security solutions, and leveraging latest solutions to secure code review capabilities.
Perform security assessments and manual penetration testing using tools such as Burp Suite and other proxy tools.
Triage static (SAST), dynamic (DAST), interactive (IAST) analysis results to identify, prioritize and remediate security vulnerabilities.
Integrate security practices into C/CD pipeline to support DevSecOps initiative.
Maintain documentation of security findings, remediation plans, and compliance requirements
Develop and interpret security policies and procedures Participate in security compliance efforts
Develop and deliver training materials and perform general security awareness and specific security technology training
Evaluate and recommend new and emerging security products and technologies
Leverage GenAI technologies to scale application security reviews and automate code analysis
Evaluate various application security tools/capabilities i.e., SAST,DAST, IaC, Secrets detection tools
Stay current with emerging security threats and countermeasures.
Ability to train or explain the common security issues to raise the security awareness among developers and assurance engineers.
Perform AWS configuration reviews

Qualifications

5+ years of experience required in Cyber security and application security
Familiarity with SAST, DAST, IAST tools.
Understanding of AWS is required
Deep understanding of OWASP top issues and remediation guidelines.
Proficiency in one or more programming language ( Java, Python, JavaScript is preferred)
Understanding of CI/CD tools such as Jenkins and GITLAB.
Familiarity with GenAI tools is a plus.
Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security
Candidates with software development background is a plus
Consistent implementation of security solutions
Experience in infrastructure or application-level vulnerability testing and auditing

Penetration Tester