Full-Time

Web App Pen Tester

Confirmed live in the last 24 hours

CoStar Group

CoStar Group

5,001-10,000 employees

Compensation Overview

$114.2k - $203.5kAnnually

Senior

No H1B Sponsorship

Washington, DC, USA

Requires 3 days onsite in Washington, DC.

Category
Cybersecurity
IT & Security
Required Skills
PowerShell
Python
JavaScript
Java
.NET
C#
Perl
Go
C/C++
Requirements
  • Bachelor’s Degree required from an accredited, not for profit university or college (preferably in Computer Science/Cybersecurity)
  • A track record of commitment to prior employers
  • Minimum 6 years total experience in a technical role such as software engineer or security engineer
  • Relevant experience areas (experience required in at least 3): Design, implementation, and operation of a secure software development lifecycle
  • Experience with web application penetration testing and common attack vectors
  • Experience with secure application development
  • Experience with defense-in-depth strategies to help mitigate existing risk within applications
  • Software development experience in a common programming language: C# (preferred), Java, C/C++, Python, or Go
  • Scripting/programming skills - Python, PowerShell, GoLang, Perl, JavaScript, .NET, API Integration
  • Security tooling automation in CI/CD pipelines and IDE interfaces including Static Application Security Testing (SAST) and Static Application Analysis (SCA) solutions such as Veracode, CheckMarx, AppScan, X-Ray, Synopsys, or Snyk
  • Dynamic application security testing (DAST) through Metasploit, Burpsuite, OWASP ZAP, Acunetix, etc.
  • Industry relevant professional certifications: ISC-2 CISSP, Offensive Security Web Assessor (OSWA) / Expert (OSWE), Offensive Security Certified Profession (OSCP / OSCE), SANS GIAC Penetration Tester (GPEN), SANS GIAC Cloud Penetration Tester (GCPN), SANS GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
Responsibilities
  • Work with the software and product teams to help ensure applications are designed and implemented securely during the SDLC
  • Develop a repeatable framework to scale application security controls across 100+ applications
  • Consume a variety of application security tools (DAST, SAST, SCA, Credential Scanning, IAC scanning) to secure web applications during development and production run-time.
  • Penetration test web applications and underlying infrastructure for vulnerabilities using both manual and automated techniques
  • Demonstrate risk of detected issues to both technical and non-technical audiences
  • Utilize sustainable methods to automate finding feedback to generate developer work items and trigger re-scan when associated work items are closed.
  • Recommend code changes to eliminate vulnerabilities
  • Automate security testing at various stages within the CI/CD pipeline
  • Develop secure coding standards and training across multiple application frameworks and technologies

Company Stage

IPO

Total Funding

N/A

Headquarters

Washington, District of Columbia

Founded

1987

Simplify Jobs

Simplify's Take

What believers are saying

  • Increased demand for real estate data analytics boosts CoStar's market potential.
  • AI-driven property valuation tools enhance transaction accuracy and efficiency for CoStar.
  • Growing interest in VR and AR in property viewings offers new opportunities for CoStar.

What critics are saying

  • Legal challenges from Move, Inc. could damage CoStar's reputation and finances.
  • Integration of Visual Lease may lead to operational disruptions if not managed well.
  • New financial leadership may cause strategic shifts impacting company stability.

What makes CoStar Group unique

  • CoStar Group is a leader in online real estate marketplaces and analytics.
  • The company is acquiring Visual Lease to enhance its lease administration capabilities.
  • CoStar's platforms integrate sustainable building certifications into their analytics.

Help us improve and share your feedback! Did you find this helpful?