Contract

Application Penetration Tester

Posted on 10 June 26 by Jerrod Spann

  • Charlotte, NC
  • $0.00 - $0.00

Job Description

Job Title: Application Penetration Tester

Locations: Charlotte, NC - Dallas, TX - Minneapolis, MN - Chandler, AZ - Des Moines, IA - Columbus, OH - Raleigh, NC - San Antonio, TX and Washington DC (Hybrid)

Duration: 12 Months + Possibility to Extend and/or Convert to FTE

Pay Rate: $65 - $70/HR (W2 Only)

Job/Role Description:

  • This role focuses on identifying, validating, and exploiting security vulnerabilities through hands-on, manual penetration testing across a broad range of application technologies.
  • This position will conduct application penetration testing on browser-based/web applications, APIs, and mobile applications (mainframe and thick client experience a plus) using primarily manual techniques supplemented by automated tools, including authentication/authorization testing and business-logic abuse cases.
  • Perform deep defect analysis by reproducing, validating, and safely demonstrating security impact, including chained attack paths where applicable, while triaging and dispositioning false positives from automated tooling.
  • Configure and tune automated application security testing tools to improve coverage, accelerate discovery, and complement manual testing efforts.
  • Produce clear, reproducible technical reports with detailed evidence including steps to reproduce, impacted components/endpoints, risk/impact assessment, and practical remediation guidance.
  • Collaborate with application development and security teams to ensure shared understanding of defects, support prioritization, and drive timely remediation through defect walkthroughs and follow-up activities.
  • Support continuous improvement of penetration testing methodologies and processes by leveraging industry standards and best practices.
  • Collaborate with team members to share knowledge, complete peer reviews of reports, and strengthen overall testing capabilities.
  • Communicate findings and risks clearly to technical and non-technical stakeholders, supporting readouts, status updates, and remediation Q&A sessions.

Required Qualifications

  • 2+ years of hands-on application penetration testing experience with a strong emphasis on manual testing, beyond reviewing or validating automated scanner results
  • 2+ years of Dynamic Application Security Testing (DAST) experience, including tool configuration/tuning and manual verification of findings
  • 2+ years of Cybersecurity experience, or equivalent demonstrated through one or a combination of work experience, training, military experience, or education
  • Experience conducting penetration testing on browser-based/web applications and APIs required; experience with mobile, mainframe, or thick client applications a plus
  • Proficiency with application security testing tools such as Burp Suite, Invicti, WebInspect, and Fiddler a plus
  • Strong knowledge of common application security vulnerabilities and the OWASP Top 10
  • Experience with scripting and automation (e.g., Python, Shell) a plus
  • Knowledge of security best practices and compliance standards such as PCI DSS and GDPR preferred
  • Demonstrated understanding of security risks in AI/ML-enabled applications (e.g., prompt injection, sensitive data exposure, insecure integrations) a plus
  • Security certifications such as OSCP, BSCP, GWAPT, GPEN, GXPN or equivalent a plus
  • Excellent written and verbal communication skills with the ability to convey technical findings clearly to diverse audiences
  • Strong problem-solving and analytical skills
  • Proven ability to work effectively in a team-oriented, collaborative environment and partner with cross-functional teams
  • Ability to prioritize tasks and deliver high-quality results in a dynamic, fast-paced environment
  • Highly self-motivated and directed with strong organizational skills and keen attention to detail
  • Strong customer service orientation focused on delivering actionable insights and supporting timely remediation
  • This position offers a hybrid work schedule with consistent Monday–Friday hours (flexible as long as schedule remains consistent)

Job Information

Rate / Salary

$0.00 - $0.00

Sector

IT/Software/Technology

Category

Not Specified

Skills / Experience

Information Security

Benefits

Not Specified

Our Reference

JOB-246791
