Application Penetration Tester

The Opportunity:

Avantor’s Application Penetration Tester will conduct penetration testing and vulnerability assessments of web applications, mobile applications, and other applications as applicable for compliance with Avantor’s policies, standards, regulatory requirements, and deviation from leading practices. Provide information to management regarding impact to the business caused by theft, destruction, alteration or denial of access to information and systems through report generation. Create targeted remediation guidance for vulnerabilities identified. Develop policies, standards, and standard operating procedures for penetration testing at Avantor. Advise Avantor’s Security Operations teams and development teams on methods of attack and potential detection mechanisms.

What we're looking for

• Education: Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent professional experience.
• 2+ years of experience in application penetration testing, with a focus on web and mobile applications.
• Minimum 3 years of software development experience or application security experience.
• Certifications/trainings such as GWAPT, PWAPT, CSSLP, GXPN, or similar are a bonus but not required.
• Strong understanding of common web application vulnerabilities, as well as experience in exploiting and mitigating them.
• Familiarity with security assessment tools such as Burp Suite, OWASP ZAP, Metasploit, sqlmap, and others.
• Proficiency in at least one programming language (e.g., PHP, Java, Python) to develop and customize testing scripts and tools.

Who you are

• You have excellent understanding of the OWASP Top Ten vulnerabilities and other industry leading practices.
• Able to work independently and efficiently, and able to manage a testing project pipeline with numerous tests that could shift in priority at a moment’s notice.
• You have strong analytical and problem-solving skills, with attention to detail.
• Effective communication skills to interact with technical and non-technical stakeholders, both in writing and verbally.
• You can read PHP, Java, Python, Angular, or other similar programming languages to identify vulnerabilities and provide targeted remediation guidance relevant to the language/framework in use.

How you will create an impact

• Conduct crystal box application penetration tests on web and mobile applications to identify security vulnerabilities, including but not limited to SQL injection, cross-site scripting (XSS), authentication bypass, and more.
• Utilize a combination of manual testing, automated tools, and manual code analysis to identify weaknesses and potential entry points.
• Collaborate closely with development teams and application security engineers to communicate findings, propose remediation strategies, and guide the implementation of fixes.
• Perform security assessments based on industry standards and frameworks.
• Stay up to date with emerging security threats, attack vectors, and mitigation techniques to enhance our testing methodologies and remediation options.
• Document and report test findings, including vulnerability details, risk ratings using OWASP Risk Rating methodology, and remediation recommendations, in a clear and concise manner.
• Contribute to the development of testing methodologies, tools, and leading practices within the application security team.
• Provide guidance and mentorship to developers regarding secure coding practices and vulnerability remediation relevant to their code base.

#LI-Remote

Disclaimer:

The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees assigned to this position. Avantor is proud to be an equal opportunity employer.

Why Avantor?

Dare to go further in your career. Join our global team of 14,000+ associates whose passion for discovery and determination to overcome challenges relentlessly advances life-changing science.
 
The work we do changes people's lives for the better. It brings new patient treatments and therapies to market, giving a cancer survivor the chance to walk his daughter down the aisle. It enables medical devices that help a little boy hear his mom's voice for the first time. Outcomes such as these create unlimited opportunities for you to contribute your talents, learn new skills and grow your career at Avantor.
 
We are committed to helping you on this journey through our diverse, equitable and inclusive culture which includes learning experiences to support your career growth and success. At Avantor, dare to go further and see how the impact of your contributions set science in motion to create a better world. Apply today!

Pay Transparency:

The expected pre-tax pay for this position is

$75,000.00 - $124,000.00

Actual pay may differ depending on relevant factors such as prior experience and geographic location.

EEO Statement:

We are an Equal Employment/Affirmative Action employer and VEVRAA Federal Contractor. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state/province, or local law.

If you need a reasonable accommodation for any part of the employment process, please contact us by email at recruiting@avantorsciences.com and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.

For more information about equal employment opportunity protections, please view the Equal Employment Opportunity is THE LAW Poster, EEO is the Law Poster Supplement, and Pay Transparency Non-Discrimination Provision.

3rd Party Non-Solicitation Policy:

By submitting candidates without having been formally assigned on and contracted for a specific job requisition by Avantor, or by failing to comply with the Avantor recruitment process, you forfeit any fee on the submitted candidates, regardless of your usual terms and conditions. Avantor works with a preferred supplier list and will take the initiative to engage with recruitment agencies based on its needs and will not be accepting any form of solicitation.