Senior Penetration Tester

About The Position

Requirements

• Bachelor’s degree in Engineering or Science, or equivalent work experience.
• Eight or more years of experience in information security.
• Two or more years of experience in: IT infrastructure management Application architecture Risk management Data architecture Middleware technology IT operations and project management
• Mobile Application Security 5+ years of hands‑on experience with Android and iOS testing methodologies. Familiarity with platform‑specific risks, OWASP MASVS, and MASTG.
• Web & API Penetration Testing Deep understanding of OWASP Top 10, API Security Top 10, and SANS Top 25 vulnerabilities.
• Manual Testing & Exploitation Advanced proficiency with Burp Suite Pro, Postman/Insomnia, and custom scripts. Skilled in identifying business logic flaws, access control issues, and chaining exploits.
• Cloud & Platform Fluency Experience testing in AWS, Azure, containerized environments, and Kubernetes. Familiarity with cloud‑native tools such as AWS Inspector, Azure Defender, and ScoutSuite.
• Technical Proficiency Strong scripting skills (Python, PowerShell, Bash, Ruby, Go). Solid understanding of HTTP/S, OAuth, SAML, JWT, TCP/IP, DNS, firewalls, and IDS/IPS.
• Tooling & Automation Experience developing custom tools and scripts to automate testing workflows. Familiarity with tools such as Nmap, Metasploit, and Kali Linux.
• Threat Modeling & Risk Assessment Ability to conduct threat modeling and risk assessments to prioritize testing and communicate business impact.
• Regulatory & Compliance Knowledge of PCI‑DSS, HIPAA, NIST 800‑53, ISO 27001, and FedRAMP.
• Communication & Documentation Excellent written and verbal communication skills. Experienced in articulating findings to technical and non‑technical audiences, including executives.
• Leadership & Mentorship Proven ability to lead engagements, manage stakeholder expectations, and mentor junior testers.

Nice To Haves

• Source code review.
• ServiceNow Application Vulnerability Response.
• Knowledge of change control and security architecture
• Certifications (Preferred) GMOB, GWAPT, OSWE, OSCP, GPEN, GXPN, or equivalent.

Responsibilities

• Lead dynamic penetration testing against mobile, API, and web applications and information systems.
• Identify vulnerabilities and use manual exploitation techniques to demonstrate business impact.
• Deliver clear, actionable reports outlining findings, vulnerability scoring, and remediation guidance for both technical and non‑technical audiences.
• Continuously enhance testing methodologies by researching emerging threats, tools, and techniques.
• Support team initiatives such as process optimization, tool/script development, and knowledge sharing.

Benefits

• Healthcare (medical, dental, vision)
• Basic term and optional term life insurance
• Short-term and long-term disability
• Pregnancy disability and parental leave
• 401(k) and employer-funded retirement plan
• Paid vacation (from two to five weeks depending on salary grade and tenure)
• Up to 11 paid holiday opportunities
• Adoption assistance
• Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law