Penetration Tester (Java Application Security)

About the job

Title: Penetration Tester (Java Application Security)
Location: Albany, NY (Travel Required – Twice Monthly)
Employment Type: Contract (6+ Months)
Status: Accepting Candidates

About the role

Join a cybersecurity team responsible for identifying, testing, and strengthening enterprise application security across Java-based systems and web applications. This role focuses on penetration testing, vulnerability assessments, secure code analysis, and supporting secure application development initiatives.

The ideal candidate will have strong hands-on penetration testing experience, expertise in Java application security, and a deep understanding of web application vulnerabilities and remediation strategies.

Key Responsibilities

- Conduct penetration testing and vulnerability assessments for enterprise applications
- Perform security testing for Java-based systems and web applications
- Evaluate applications against industry security standards and vulnerability frameworks
- Identify and exploit common web vulnerabilities including:
  - Injection attacks
  - Cross-site scripting (XSS)
  - Authentication and session vulnerabilities
- Utilize penetration testing tools to simulate real-world attack scenarios
- Perform secure code reviews and application security assessments
- Assess encryption methods and secure communication protocols
- Provide detailed security reports including:
  - Vulnerabilities identified
  - Risk analysis
  - Remediation recommendations
- Collaborate with development and engineering teams to improve application security posture
- Support security testing for:
  - APIs
  - Web services
  - Enterprise application environments
- Assist with security best practices and secure development guidance

Qualifications

- 3+ years of experience in penetration testing or application security
- Strong experience with:
  - Java application security
  - Web application penetration testing
  - Vulnerability assessments
- Hands-on experience identifying and exploiting:
  - SQL Injection
  - Cross-Site Scripting (XSS)
  - CSRF
  - Authentication vulnerabilities
- Experience with penetration testing tools such as:
  - Burp Suite
  - OWASP ZAP
  - Nmap
  - Metasploit
- Strong understanding of:
  - OWASP Top 10
  - Secure SDLC
  - Application security best practices
- Experience performing secure code reviews and security analysis
- Knowledge of:
  - Encryption standards
  - Secure communication protocols
  - API security testing
- Strong analytical, documentation, and communication skills

Preferred Qualifications

- Experience with cloud application security
- Knowledge of secure coding practices for Java applications
- Experience supporting enterprise-scale security programs
- Security certifications such as:
  - CEH
  - OSCP
  - GWAPT
- Experience working in regulated or government environments