Junior Application Security Penetration Tester


Veris Group’s Adaptive Threat Division (ATD) is composed of highly specialized security testers with a passion for enhancing system security postures by demonstrating how they can be broken. ATD team members actively participate in the information security community, releasing open source toolsets (such as the Empire, PowerTools, PowerForensics, and the Veil-Framework), blog posts and whitepapers. Our team members present at numerous industry conferences throughout the year, including DefCon, ShmooCon, DerbyCon, CarolinaCon and BSides, about penetration testing and red team operations as well as the tools and capabilities we create and share.  Come join an amazing technical security team who makes a difference in the information security industry and consistently pushes the limit of offensive security capabilities.


  • Conduct application security assessments on a wide variety of technologies and implementations utilizing both automated tools and manual techniques
  • Effectively communicate successes and obstacles with fellow team members and team lead(s)
  • Interface with client contact(s) and staff in a constructive and professional manner
  • Ability to communicate effectively with team members, managers and customers
  • Demonstrable aptitude for technical writing, including assessment reports, presentations and operating procedures
  • Good understanding of port numbers, services, protocols, TCP-IP stack, OSI-Model
  • Understanding of application frameworks and architectures
  • Understanding of security principles, policies, and industry best practices
  • Demonstrable aptitude with application penetration methodologies and techniques
  • One year of experience in the IT industry (system administration, software development, etc…)
  • Demonstrable technical experience with UNIX/Linux and Windows operating systems
  • Cross-train to conduct basic network penetration tests


Education/Certification Requirements:



  • Bachelor’s degree in relevant IT field (IS, CS, etc…) for candidates with one to three years of experience



  • Bachelor’s degree in relevant IT field (IS, CS, etc…) a GWAPT or OSWE certification
  • Associate’s degree in relevant IT field (IS, CS, etc…) with a GWAPT or OSWE certification for candidates with three (3) years of experience


Required Experience:

  • Familiarity with common penetration testing methodologies such as the OSSTMM, OWASP Testing Guide and the PTES
  • Ability to demonstrate excellent technical writing and presentation skills.
  • Ability to effectively communicate and defend findings with customer senior management
  • Understanding of web application frameworks and architectures
  • Working knowledge languages commonly used in application development (e.g. Java, C#, Objective-C, PHP, JavaScript, Python, Ruby, SQL, VisualBasic)
  • One year of experience in the information security industry, particularly with application vulnerability assessments and penetration testing

Demonstrable experience with application security assessment techniques and tools, such as: Burp Suite Pro, SOAPUI, OWASP ZAP, IBM AppScan, HP Webinspect, Acunetix WVS, NTO Spider, Cenzic Hailstorm, Nikto


. . . . . . . .

Leave a Reply