Sr. Web Application Penetration Tester - Cybersecurity

🌍 Remote, USA 💹 Full-time 🕐 Posted Recently

Job Description

Position: Sr. Web Application Penetration Tester - Cybersecurity

Location: Remote

Hiring Mode: 12-Month Contract

Job Description:

The Senior Web Application Penetration Tester is responsible for identifying security vulnerabilities in internally developed and third-party web applications used across the Utility. This role focuses exclusively on application-layer security testing, helping ensure that customer-facing and internal web applications are resilient against real-world threats. The position works closely with application development, cloud, and security teams to reduce risk and improve secure development practices.

Key Responsibilities:

    Web Application & API Penetration Testing
  • Conduct manual and automated penetration testing of web applications and RESTful APIs
  • Identify and exploit common and advanced web vulnerabilities (e.g., OWASP Top 10, business logic flaws)
  • Test authentication, authorization, session management, and access controls
  • Perform API security testing including authorization bypass, mass assignment, and input validation flaws
  • Assess application security across development, test, and production environments (as authorized)
    Secure SDLC & Collaboration
  • Partner with application development and DevSecOps teams to integrate security testing into the SDLC
  • Provide guidance on secure coding practices and vulnerability remediation
  • Support threat modeling and design reviews for new or enhanced applications
    Reporting & Risk Communication
  • Produce detailed penetration test reports with clear reproduction steps and remediation recommendations
  • Communicate risk in business-appropriate language for technical and non-technical stakeholders
  • Validate remediation through follow-up testing and re-assessments
    Tools & Techniques
  • Use industry-standard tools such as Burp Suite, OWASP ZAP, Postman, and custom scripts
  • Leverage manual testing techniques to identify business logic and workflow vulnerabilities
  • Stay current on emerging web application attack techniques and defenses

Required Qualifications:

  • 6+ years of cybersecurity experience with a strong focus on web application penetration testing
  • Demonstrated experience testing modern web applications and APIs
  • Strong understanding of HTTP/S, REST, JSON, authentication mechanisms, and web architectures
  • Proficiency with tools such as Burp Suite Pro and API testing tools
  • Working knowledge of at least one scripting or programming language (e.g., Python, JavaScript, or PowerShell)
  • Strong written and verbal communication skills

Preferred Qualifications:

  • Experience testing customer-facing applications in regulated environments
  • Familiarity with cloud-hosted applications and CI/CD pipelines
  • Knowledge of OWASP ASVS, SAMM, or similar application security standards
  • Certifications such as OSCP, GWAPT, OSWE, or similar
