AppSec - Pen Tester

About The Position

Requirements

• Hands-on experience performing web application and API penetration testing in an enterprise environment.
• Strong practical knowledge of OWASP Top 10 and common web application attack techniques.
• Experience using tools such as Burp Suite for application testing and vulnerability validation.
• Ability to scope applications, execute targeted testing, and validate whether vulnerabilities are exploitable.
• Solid understanding of secure software development concepts and application security architecture.
• Strong analytical and problem-solving skills with the ability to work independently or collaboratively.
• Ability to clearly document findings and present security risk in a clear, actionable manner.

Nice To Haves

• Experience testing applications in cloud-based environments.
• Familiarity with authentication and authorization mechanisms (OAuth, token-based auth, APIs).
• Background working closely with development teams to support remediation efforts.
• Exposure to application security within regulated or enterprise environments.
• Interest or experience areas adjacent to AI-enabled applications, threat analysis, or modern application architectures.

Responsibilities

• Conduct web application and API penetration testing to identify vulnerabilities in application design and implementation.
• Perform hands-on testing against scoped applications, including exploit validation and proof-of-concept development.
• Apply OWASP testing methodologies to evaluate application security controls and identify real-world risk.
• Review technical design documentation to ensure security requirements are incorporated early in the development lifecycle.
• Partner with application and engineering teams to provide guidance on secure architecture patterns across web, API, and cloud environments.
• Assess emerging application security tools, standards, authentication protocols, and technologies to identify gaps and opportunities for improvement.
• Help influence a strong secure-by-design development culture through education, collaboration, and best practices.
• Communicate application security risks and findings clearly to both technical and non-technical audiences.

Benefits

• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)