Application Penetration Tester

Location: Fully Remote

Experience Level: 8+ Years

Job Type: Full-Time

About the Role

We are seeking an experienced Application Penetration Tester to conduct in-depth security assessments of web, mobile, and cloud-based applications. You will play a key role in identifying vulnerabilities, simulating real-world attacks, and providing actionable remediation guidance to improve security posture.

Key Responsibilities

  • Conduct manual and automated penetration tests on web, mobile, and API-based applications.

  • Identify, exploit, and document vulnerabilities following OWASP, MITRE ATT&CK, and industry best practices.

  • Utilize common security tools (Burp Suite, Metasploit, Kali Linux, ZAP, etc.) and custom scripts to assess application security.

  • Perform source code reviews and security assessments of application architectures.

  • Simulate real-world attack scenarios and assess business risks.

  • Provide detailed reports with clear remediation guidance for development and security teams.

  • Collaborate with developers, DevOps, and security engineers to integrate security into the SDLC.

  • Stay up to date on emerging threats, zero-day vulnerabilities, and security trends.

Required Qualifications

  • 8+ years of hands-on experience in application penetration testing and security assessments.

  • Expert knowledge of OWASP Top 10, SANS 25, CWE, and NIST frameworks.

  • Proficiency with tools like Burp Suite, Metasploit, Nmap, Kali Linux, ZAP, SQLmap, etc.

  • Strong understanding of web technologies (HTTP, REST APIs, GraphQL, WebSockets, etc.).

  • Experience testing mobile applications (iOS & Android), including reverse engineering and dynamic analysis.

  • Familiarity with cloud security (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes).

  • Ability to write and understand exploits, scripts, and automation tools in Python, Bash, or PowerShell.

  • Strong report writing and communication skills to articulate vulnerabilities and risk mitigation strategies.

Preferred Qualifications

  • Relevant certifications such as OSCP, OSWE, GWAPT, GPEN, or CISSP.

  • Experience in red teaming, threat modeling, and adversary simulation.

  • Familiarity with CI/CD security tools and DevSecOps practices.

  • Background in secure coding and software development.

Why Join Us?

  • Fully remote with flexible working hours.

  • Competitive salary and bonus incentives.

  • Continuous training and certification reimbursement.

  • Work on diverse projects across multiple industries.

  • Collaborative and innovative security team culture.

Direct Applicants Only – No Staffing Agencies or Third-Party Recruiters

We are not accepting solicitations from staffing agencies, recruiting firms, or third-party vendors for this position. Any unsolicited resumes or candidate submissions from such entities will not be considered, and we will not be responsible for any associated fees.

Thank you for respecting this policy.