Job Description
Genesis10 is currently seeking an Application Penetration Tester - Hybrid position with a Global Financial Institution located in Charlotte, NC, Dallas, TX, Minneapolis, MN, Chandler, AZ, Des Moines, IA, Columbus, OH, Raleigh, NC, San Antonio, TX, or Washington, DC. This is a 12+ month contract opportunity.
In this role, you will identify, validate, and exploit security vulnerabilities through hands-on, manual testing across a broad range of application technologies. The focus will be on browser-based/web and API testing, with additional experience in mobile, mainframe, or thick client testing being valuable. The successful candidate will deliver high-confidence, reproducible vulnerabilities with clear evidence and practical remediation guidance, and partner with application teams to drive timely fixes.
Responsibilities:
- Conduct application penetration testing across browser-based/web applications, APIs, and mobile applications (and, where applicable, mainframe and thick client applications) using primarily manual techniques supplemented by automated tools
- Include authentication/authorization testing and business-logic abuse cases where applicable
- Configure and tune automated tools to support testing, improve coverage, and accelerate discovery (as a complement to manual testing)
- Perform deep defect analysis by reproducing, validating, and safely demonstrating impact (including chained attack paths when applicable)
- Triage and disposition false positives from automated tooling
- Produce clear, reproducible technical reports with evidence (steps to reproduce, impacted components/endpoints, and risk/impact) and practical remediation guidance
- Collaborate with application and security teams to ensure shared understanding of defects, prioritization, and remediation paths
- Support continuous improvement of testing methodologies and processes leveraging industry standards and best practices
- Collaborate with other members of the team to share knowledge and complete peer reviews of reports
- Communicate findings and risk clearly to technical and non-technical stakeholders
Requirements:
- 4 years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work or consulting experience, training, military experience, education
- 2 years of hands-on application penetration testing experience (manual testing required), beyond reviewing/validating automated scanner results
- 2 years of Dynamic Application Security Testing (DAST) experience, including tool configuration/tuning and manual verification of findings
Desired skills:
- Advanced experience with testing tools such as Burp Suite, Invicti, WebInspect, and Fiddler
- Strong knowledge of application security and common vulnerabilities (OWASP Top 10)
- Experience with scripting and automation (e.g., Python, Shell)
- Knowledge of security best practices and compliance standards (e.g., PCI DSS, GDPR)
- Excellent communication skills and the ability to collaborate effectively with cross-functional teams
- Strong problem-solving and analytical skills
- Demonstrated knowledge of AI/ML-enabled applications and common security risks (for example, prompt injection, sensitive data exposure, and insecure integrations)
- Security certifications such as OSCP, BSCP, GWAPT, GPEN, GXPN or equivalent are a plus
Pay range: $51.72 - $59.72 per hour
Only candidates available and ready to work directly as Genesis10 employees will be considered for this position.
If you have the described qualifications and are interested in this exciting opportunity, please apply!
Ranked a Top Staffing Firm in the U.S. by Staffing Industry Analysts for six consecutive years, Genesis10 puts thousands of consultants and employees to work across the United States every year in contract, contract-for-hire, and permanent placement roles. With more than 300 active clients, Genesis10 provides access to many of the Fortune 100 firms and a variety of mid-market organizations across the full spectrum of industry verticals.
For contract roles, Genesis10 offers the benefits listed below. If this is a perm-placement opportunity, our recruiter can talk you through the unique benefits offered for that particular client.
Benefits of Working with Genesis10:
- Access to hundreds of clients, most of whom have been working with Genesis10 for 5-20+ years.
- The opportunity to have a career-home in Genesis10; many of our consultants have been working exclusively with Genesis10 for years.
- Access to an experienced, caring recruiting team (more than 7 years of experience, on average).
- Behavioral Health Platform
- Medical, Dental, Vision
- Health Savings Account
- Voluntary Hospital Indemnity (Critical Illness & Accident)
- Voluntary Term Life Insurance
- 401K
- Sick Pay (for applicable states/municipalities)
- Commuter Benefits (Dallas, NYC, SF, and Illinois)
For multiple years running, Genesis10 has been recognized as a Top Staffing Firm in the U.S., as a Best Company for Work-Life Balance, as a Best Company for Career Growth, for Diversity, and for Leadership, amongst others. To learn more and to view all our available career opportunities, please visit us at our website.
Genesis10 is an Equal Opportunity Employer. Candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
First seen 2026-06-10 08:40:01 · Last verified 2026-06-10 08:40:01
Pentest Careers · pentestcareers.com