Senior Web Application Penetration Tester

About The Position

Requirements

• 5+ years of experience in web application penetration testing or offensive cybersecurity.
• Demonstrated experience conducting manual web application security assessments.
• Knowledge of modern web application vulnerabilities, attack methodologies, and exploitation techniques.
• Experience with network mapping, vulnerability scanning, and penetration testing methodologies.
• Familiarity with NIST 800-series standards and cybersecurity best practices.
• Experience developing scripts, payloads, or custom testing tools.
• Strong analytical, problem-solving, and communication skills.
• Must be able to obtain a Secret Clearance.

Nice To Haves

• CWES (preferred)
• CWEE (preferred)
• OSCP
• OSWA
• OSWE
• CRTO
• GWAPT
• Other relevant hands-on offensive security certifications
• Experience with cloud environments and post-exploitation activities.
• Experience with Active Directory security assessments.
• Familiarity with FISMA compliance requirements.
• Experience supporting government or regulated industry clients.
• Proficiency with common offensive security tools and frameworks.

Responsibilities

• Conduct penetration testing of web applications, APIs, mobile applications, databases, and client-side technologies.
• Perform application enumeration, endpoint discovery, vulnerability research, and exploitation activities.
• Identify, validate, and assess vulnerabilities across complex environments.
• Analyze attack paths and security weaknesses to determine business and operational impact.
• Develop and utilize custom tools, scripts, and payloads to support testing activities.
• Perform network mapping, vulnerability analysis, and security assessments across applications and supporting infrastructure.
• Research emerging vulnerabilities, attack techniques, and exploitation methodologies.
• Support post-exploitation activities involving cloud and enterprise environments when applicable.
• Collaborate with clients and internal teams to define scope, review findings, and recommend remediation strategies.
• Communicate technical concepts and findings to both technical and non-technical stakeholders.
• Produce comprehensive reports, including detailed findings, exploitation procedures, risk analysis, and mitigation recommendations.
• Participate in client meetings and provide ongoing updates throughout assessment activities.

Benefits

• Employer-paid health insurance premiums (medical, dental, vision) for you and your family
• Employer-paid short/long term disability insurance and basic life/AD&D insurance
• 401K with a 4% employer contribution
• Professional development reimbursement options available (training, certification, education, etc)
• Flexible and remote work policies for most positions
• Flexible PTO and holiday schedule