Web Application Penetration Tester

About The Position

Requirements

• Strong experience testing web applications.
• Hands on web application testing experience.
• GWAPT, PWPA or equivalent penetration testing certifications.
• Ability and desire to teach and mentor.
• Experience with web development.
• Experience with app development.
• Experience evaluating the OWASP Top 10.
• Experience evaluating the OWASP Mobile Top 10.
• Experience evaluating broader OWASP testing methodologies.
• Experience performing iOS and Android mobile application penetration testing in alignment with methodologies such as the OWASP Mobile Application Security Testing Guide (MASTG) and OWASP Mobile Top 10.
• Knowledge of and ability to operate within major cloud environments such as Azure, AWS, and Google Cloud.
• Hold certifications relevant to the requirements detailed above.
• Efficient with the latest penetration testing tools, techniques, and exploits.
• Passionate about continuous research and improving technical tradecraft.
• Must detest a daily commute to an office.
• Virtual office experience is essential.
• Must reside anywhere in America.

Nice To Haves

• Experience testing mobile applications, APIs, cloud environments, and AI enabled applications or large language model (LLM) integrations.
• Familiarity with AI and LLM security testing concepts such as prompt injection, insecure plugin or agent functionality, data exposure risks, authorization weaknesses, and abuse of AI integrated business workflows, evaluated against frameworks such as the OWASP LLM Top 10 and MITRE ATLAS.
• Ability to understand and interpret a wide range of business environments including financial services, healthcare, technology providers, retail, and SaaS environments.
• Energetic about working in a small company environment and sharing in and contributing to KirkpatrickPrice’s growth.

Responsibilities

• Analyze a company’s defenses and design an effective attack plan.
• Perform web application penetration testing.
• Support network, mobile application, and emerging AI security assessments.
• Test internal and external network infrastructure.
• Perform iOS and Android mobile application penetration testing.
• Conduct security testing of AI and LLM integrations.
• Operate within major cloud environments such as Azure, AWS, and Google Cloud.
• Understand client needs and present remediation guidance.
• Teach clients applicable cybersecurity concepts.
• Collaborate closely with colleagues across the penetration testing team.

Benefits

• Competitive applicants will demonstrate hands on web application testing experience; possess the GWAPT, PWPA or equivalent penetration testing certifications; and demonstrate both the ability and desire to teach and mentor.
• Some days, it’s fun to just stay in superhero pajamas.