Application Penetration Tester
Job Title: Application Penetration Tester
Locations: Charlotte, NC - Dallas, TX - Minneapolis, MN - Chandler, AZ - Des Moines, IA - Columbus, OH - Raleigh, NC - San Antonio, TX and Washington DC (Hybrid)
Duration: 12 Months
Job/Role Description:
- This role focuses on identifying, validating, and exploiting security vulnerabilities through hands-on, manual penetration testing across a broad range of application technologies.
- This position will conduct application penetration testing on browser-based/web applications, APIs, and mobile applications (mainframe and thick client experience a plus) using primarily manual techniques supplemented by automated tools, including authentication/authorization testing and business-logic abuse cases.
- Perform deep defect analysis by reproducing, validating, and safely demonstrating security impact, including chained attack paths where applicable, while triaging and dispositioning false positives from automated tooling.
- Configure and tune automated application security testing tools to improve coverage, accelerate discovery, and complement manual testing efforts.
- Produce clear, reproducible technical reports with detailed evidence including steps to reproduce, impacted components/endpoints, risk/impact assessment, and practical remediation guidance.
- Collaborate with application development and security teams to ensure shared understanding of defects, support prioritization, and drive timely remediation through defect walkthroughs and follow-up activities.
- Support continuous improvement of penetration testing methodologies and processes by leveraging industry standards and best practices.
- Collaborate with team members to share knowledge, complete peer reviews of reports, and strengthen overall testing capabilities.
- Communicate findings and risks clearly to technical and non-technical stakeholders, supporting readouts, status updates, and remediation Q&A sessions.
Required Qualifications
- 2+ years of hands-on application penetration testing experience with a strong emphasis on manual testing, beyond reviewing or validating automated scanner results
- 2+ years of Dynamic Application Security Testing (DAST) experience, including tool configuration/tuning and manual verification of findings
- 2+ years of Cybersecurity experience, or equivalent demonstrated through one or a combination of work experience, training, military experience, or education
- Experience conducting penetration testing on browser-based/web applications and APIs required; experience with mobile, mainframe, or thick client applications a plus
- Proficiency with application security testing tools such as Burp Suite, Invicti, WebInspect, and Fiddler a plus
- Strong knowledge of common application security vulnerabilities and the OWASP Top 10
- Experience with scripting and automation (e.g., Python, Shell) a plus
- Knowledge of security best practices and compliance standards such as PCI DSS and GDPR preferred
- Demonstrated understanding of security risks in AI/ML-enabled applications (e.g., prompt injection, sensitive data exposure, insecure integrations) a plus
- Security certifications such as OSCP, BSCP, GWAPT, GPEN, GXPN or equivalent a plus
- Excellent written and verbal communication skills with the ability to convey technical findings clearly to diverse audiences
- Strong problem-solving and analytical skills
- Proven ability to work effectively in a team-oriented, collaborative environment and partner with cross-functional teams
- Ability to prioritize tasks and deliver high-quality results in a dynamic, fast-paced environment
- Highly self-motivated and directed with strong organizational skills and keen attention to detail
- Strong customer service orientation focused on delivering actionable insights and supporting timely remediation
- This position offers a hybrid work schedule with consistent Monday-Friday hours (flexible as long as schedule remains consistent)
first seen 2026-06-22 08:40:01 · last verified 2026-06-22 08:40:01