Sr. Web Application Penetration Tester - Cybersecurity

Remote Full-time
Position: Sr. Web Application Penetration Tester - Cybersecurity

Location: Remote

Hiring Mode: 12 Months Contract

Job Description:

The Senior Web Application Penetration Tester is responsible for identifying security vulnerabilities in internally developed and third-party web applications used across the Utility. This role focuses exclusively on application-layer security testing, helping ensure that customer-facing and internal web applications are resilient against real-world threats. The position works closely with application development, cloud, and security teams to reduce risk and improve secure development practices.

Key Responsibilities:

Web Application & API Penetration Testing
• Conduct manual and automated penetration testing of web applications and RESTful APIs
• Identify and exploit common and advanced web vulnerabilities (e.g., OWASP Top 10, business logic flaws)
• Test authentication, authorization, session management, and access controls
• Perform API security testing including authorization bypass, mass assignment, and input validation flaws
• Assess application security across development, test, and production environments (as authorized)

Secure SDLC & Collaboration
• Partner with application development and DevSecOps teams to integrate security testing into the SDLC
• Provide guidance on secure coding practices and vulnerability remediation
• Support threat modeling and design reviews for new or enhanced applications

Reporting & Risk Communication
• Produce detailed penetration test reports with clear reproduction steps and remediation recommendations
• Communicate risk in business-appropriate language for technical and non-technical stakeholders
• Validate remediation through follow-up testing and re-assessments

Tools & Techniques
• Use industry-standard tools such as Burp Suite, OWASP ZAP, Postman, and custom scripts
• Leverage manual testing techniques to identify business logic and workflow vulnerabilities
• Stay current on emerging web application attack techniques and defenses

Required Qualifications
• 6+ years of cybersecurity experience with a strong focus on web application penetration testing
• Demonstrated experience testing modern web applications and APIs
• Strong understanding of HTTP/S, REST, JSON, authentication mechanisms, and web architectures
• Proficiency with tools such as Burp Suite Pro and API testing tools
• Working knowledge of at least one scripting or programming language (e.g., Python, JavaScript, or PowerShell)
• Strong written and verbal communication skills

Preferred Qualifications
• Experience testing customer-facing applications in regulated environments
• Familiarity with cloud-hosted applications and CI/CD pipelines
• Knowledge of OWASP ASVS, SAMM, or similar application security standards
• Certifications such as OSCP, GWAPT, OSWE, or similar

Apply Now

Apply Now
Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

Solutions Engineer - West

Remote

Remote Customer Support Publishing Associate - Earn $30-$35/Hour, Entry-Level

Remote

Eating Disorder and OCD Therapist

Remote

Remote Client Support Officer

Remote

Hotel Reservation Specialist | Remote

Remote

Experienced Remote Data Entry Specialist – Full-time and Part-time Opportunities for Detail-Oriented Individuals at arenaflex

Remote

Experienced Entry Level Customer Service Representative – Global E-commerce Remote Chat Support

Remote

Apple Genius - IT Support Technician

Remote

**Experienced Remote Data Entry-Clerk – Thriving in a Dynamic Environment at blithequark**

Remote

Experienced Full Stack Data Entry Specialist – Remote Work Opportunity at careerzynith

Remote
← Back