Penetration Tester - Application Security

Job Description

Job Title: Application Security Penetration Tester

Location: Fort Mill, SC

Duration: 12+ Months (Potential Contract to Hire)

Experience Required: 4–6+ Years Role Overview We are seeking an Application Security Penetration Tester with a strong background in security testing and hands-on development experience. The ideal candidate will be responsible for identifying, analyzing, and mitigating application vulnerabilities while collaborating with development teams to enhance secure coding practices.

Key Responsibilities 1. Security Testing & Penetration Testing - Perform application security testing including SAST, DAST, and SCA

- Conduct penetration testing on applications and systems

- Validate vulnerabilities through manual testing

2. Vulnerability Management - Identify, analyze, and report security vulnerabilities

- Maintain dashboards and reports for tracking security issues

- Conduct vulnerability assessments and risk analysis

3. Secure Development Support - Review source code to identify vulnerabilities and security gaps

- Collaborate with development teams to improve secure coding practices

- Support threat modeling and secure design initiatives

4. Automation & CI/CD Integration - Automate security scans and integrate with CI/CD pipelines

- Work with tools like Jenkins, GitHub, and security platforms

5. Incident Response & Monitoring - Support security incident investigations and response

- Participate in red team, blue team, and purple team activities

Required Skills Security Expertise - Strong understanding of OWASP Top 10

- Experience with SAST, DAST, SCA tools

- Familiarity with tools like Checkmarx, Fortify, Veracode, AppScan, Burp Suite

Programming & Development - Experience with .NET, Java, Python, C/C++

- Knowledge of JavaScript frameworks (Node.js, React)

- Understanding of OOP concepts

Web & API Technologies - Experience with web services, JSON, and API testing

- Exposure to HTML, ASP, JSP, ColdFusion

DevOps & Tools - CI/CD tools (Jenkins)

- Source control (GitHub)

Database - SQL Server, MySQL

- Strong SQL querying skills

Cloud - Basic knowledge of Microsoft Azure

Additional Requirements - Strong understanding of internet architecture

- Ability to communicate security findings to stakeholders

- Strong analytical and problem-solving skills

Preferred Skills - Experience in enterprise security environments

- Exposure to advanced threat modeling techniques

- Experience in contract-to-hire roles or long-term engagements