About the job Application Offensive Security Consultant

Job Title: Application Offensive Security Consultant

Job Location: Jersey City, NJ

Job Type: Contract (Hybrid)

Job Summary

Join our Application Security team as part of our Technology Risk initiative to support offensive security assessments and provide expert guidance on key projects. As an Application Offensive Security Consultant, you will be responsible for penetration testing, security assessments, and vulnerability identification across applications and APIs.

Key Responsibilities

  • Conduct offensive security testing on applications and APIs.
  • Perform manual penetration testing to identify vulnerabilities beyond automated scans.
  • Evaluate application threats and assess security risks.
  • Provide detailed vulnerability reports with remediation recommendations.
  • Collaborate with Security Architects, Product Managers, and Risk Managers to implement security best practices.
  • Stay updated on emerging attack methodologies and security trends.

Required Skills & Experience

  • 6+ years of experience in web application security testing.
  • 4+ years of hands-on experience with penetration testing tools, such as:
    • Burp Suite
    • OWASP ZAP
  • Strong understanding of:
    • OWASP Top 10 vulnerabilities
    • MITRE ATT&CK Framework
  • Ability to manually discover vulnerabilities beyond automated scanning.
  • Bachelor's degree in a relevant field or equivalent experience.

Preferred Qualifications (Nice to Have)

  • Certifications in offensive security/penetration testing, such as:
    • OSCP (Offensive Security Certified Professional)
    • CEH (Certified Ethical Hacker)
  • Experience in Red Teaming and Adversarial Testing.
  • Active participation in Capture the Flag (CTF) competitions or platforms like TryHackMe and HackTheBox.
  • Ability to work under pressure, manage multiple tasks, and adapt to dynamic security challenges.