8 days ago

Application Security Ethical Hacker

Packetlabs

Hybrid
Full Time
CA$100,000

Job Overview

Job Title: Application Security Ethical Hacker
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: CA$100,000
Location: Hybrid

Job Description

About Packetlabs

Packetlabs was founded by an ethical hacker who observed vulnerability assessments being misrepresented as penetration tests. Our guiding principle, "Identify Risks Before They Become Headlines," emphasizes the critical importance of not giving our clients a false sense of security. We are a dedicated team of highly trained, proactive ethical hackers. We deliver expert-level penetration testing services that are thorough and customized, fostering a secure digital environment where privacy and security are paramount. Packetlabs consultants excel at uncovering weaknesses that others miss and continuously innovate new methods to bypass controls. We maintain exceptionally high standards and exclusively recruit individuals who share our drive and passion.

Who We Are Looking For

Core Values:

  • You have a customer-first mentality and are an excellent communicator with clients, project managers, and teammates.
  • You respond rapidly and deliver work on time.
  • You take immense pride in your work, seeing it as an autograph of your excellence.
  • You dig deeper into every finding, not stopping until impact is thoroughly proven.
  • You are comfortable being uncomfortable, facing obstacles directly rather than avoiding them. Consulting demands adaptability to rapidly changing environments.
  • You are always learning, recognizing that cybersecurity evolves daily and actively striving to keep pace. You are deeply aware of your skillset and eager to improve.
  • You are self-motivated and dependable.
  • You are humble, as egos have no place at Packetlabs.

Education and Experience:

  • Solid working knowledge of programming languages, including C, C#, Python, Objective-C, Java, JavaScript, SQL, and frameworks like AngularJS.
  • Familiarity with web services and data exchange formats such as XML, JSON, SOAP, REST, and AJAX.
  • Understanding of AI/LLM weaknesses and flaws in applications.
  • Extensive experience and expertise in using an attack proxy (e.g., Burp Suite).
  • Preferred if you have 3-5 years of experience working in penetration testing and consulting.
  • A graduate of a post-secondary college or university degree program.
  • At least two years of experience dealing with information security-related tasks.
  • Professional qualifications (one or more): OSCP, OSWE, BSCP. OSCP or Burp is mandatory for our organization.

What You’ll Be Doing

  • Your primary role is to perform penetration testing of web applications, mobile applications, thick clients, and APIs.
  • Conduct source code review and whitebox penetration testing to prove the impact of application flaws.
  • Perform reverse engineering of mobile and thick client applications.
  • You will sometimes chain application flaws to other areas, such as cloud and on-prem AD infrastructure. Opportunities for lateral movement into the infrastructure teams are limited and given at the manager's discretion.
  • Develop detailed reports on findings and remediations for impactful findings. You will learn to debrief these findings at both a technical and executive level.
  • Perform SAST and DAST on enterprise, SaaS, and custom in-house applications.
  • Experience in using scanners and knowledge of validation and elimination of false positives.
  • A strong understanding of OWASP in Web, API, Mobile, and AI/LLM is necessary, but you will be asked to go beyond.

Why us?

  • Immediate and continual offensive security training.
  • Wealthsimple GRSP with corporate matching.
  • Participation in corporate benefit plans.
  • Amazing team and working environment.
  • Competitive compensation and growth opportunity.
  • Fully remote.

Key skills/competency

  • Application Security
  • Penetration Testing
  • Ethical Hacking
  • Source Code Review
  • Burp Suite
  • OWASP
  • SAST/DAST
  • Mobile Security
  • API Security
  • Vulnerability Management

Tags:

Application Security Ethical Hacker
penetration testing
application security
ethical hacking
source code review
whitebox testing
API security
mobile security
thick client security
vulnerability assessment
security reporting
Burp Suite
SAST
DAST
OWASP
C
C#
Python
Java
JavaScript
SQL
XML
JSON
REST
AJAX

How to Get Hired at Packetlabs

  • Research Packetlabs' culture: Study their mission, values (customer-first, pride in work, deep digging, adaptable, continuous learning, self-motivated, humble), recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Tailor your resume: Highlight extensive experience in web, mobile, and API penetration testing, source code review, and tools like Burp Suite. Emphasize relevant certifications like OSCP, OSWE, or BSCP, which are highly valued at Packetlabs.
  • Showcase your expertise: Prepare to discuss specific examples of chaining application flaws, performing SAST/DAST, and addressing OWASP top risks. Demonstrate your proactive approach to learning new attack vectors and evading controls.
  • Prepare for technical interviews: Expect in-depth questions on programming languages (C, C#, Python, Java, JavaScript, SQL), web services (XML, JSON, SOAP, REST, AJAX), and AI/LLM weaknesses. Be ready to articulate your methodology for impact proving and false positive elimination.
  • Demonstrate core values: During interviews, illustrate your customer-first mentality, strong communication skills, self-motivation, humility, and eagerness to adapt and continuously learn in a rapidly changing cybersecurity landscape.
