Cyber - Application Security Senior Penetration Tester

About The Position

Requirements

• 10+ years of experience in application penetration testing for web applications, RESTful APIs, mobile applications, and thick clients using manual exploitation and advanced assessment techniques.
• 10+ years of experience in vulnerability research, exploit development, binary analysis, and proof-of-concept development.
• 8+ years of experience in cloud and container security assessments (AWS, Azure, GCP, Docker, Kubernetes) for cloud-native applications.
• 8+ years of experience with secure SDLC practices, threat modeling, and application security standards (OWASP Top 10, NIST, SANS) and compliance frameworks (e.g., PCI DSS).
• 8+ years of experience integrating security into CI/CD and IaC pipelines, and testing automation (Jenkins, GitHub Actions, Terraform).
• 6+ years of experience with scripting and automation (Python, Bash), and hands-on use of tools such as Burp Suite, Metasploit, MobSF, Postman, and fuzzing frameworks.
• 6+ years of equivalent combination of educational background, related experience, and/or military experience.

Nice To Haves

• Experience working in the financial services industry with secure application development and regulatory/compliance requirements.
• Professional certifications such as OSCP, GWAPT, CPENT, or equivalent.
• Experience applying LLMs and automation for vulnerability discovery, exploit generation, or security testing orchestration.
• Hands-on experience with SAST/DAST/SCA platforms (e.g., Veracode, Checkmarx, Fortify) and integrating findings into developer workflows.
• Proven experience mentoring engineers and collaborating with product, engineering, and risk teams to operationalize application security.

Responsibilities

• Perform thorough penetration testing across web applications, RESTful APIs, mobile applications (iOS/Android), and thick clients using manual and automated techniques to identify and exploit vulnerabilities.
• Develop and implement advanced penetration testing strategies, frameworks, and test plans tailored to different application architectures.
• Lead security assessments, execute exploit development and proof-of-concept creation, and validate remediation effectiveness.
• Provide technical guidance on remediation, secure coding practices, and risk mitigation to development and product teams.
• Monitor and respond to application security incidents; conduct root-cause analysis and drive corrective actions.
• Research and apply emerging tools, techniques, and threat intelligence to continuously improve testing coverage and automation.
• Mentor and support team members, promoting a culture of application security engineering and secure SDLC integration.
• Responsibilities listed are not intended to be all-inclusive and may be modified as necessary.

Benefits

• Fuel Your Life program to support physical, financial, social, and emotional well-being.
• Paid holidays and generous time away policies.
• No-cost mental health support through Employee Assistance Programs.
• Living Proof program to recognize your peers’ extra effort with points used for rewards.
• Eight Employee Resource Groups to foster a collaborative culture.
• Unparalleled professional growth with training, development, and internal mobility opportunities.
• Retirement planning and discounted shares with the Employee Stock Purchase Plan.
• Medical, dental, vision, life, and disability insurance options available day one.
• Tuition assistance and reimbursement program.
• Paid parental, caregiver, and military leave.