Job Details
Role: Penetration Tester
Location: Minnetonka, MN (Hybrid, 3 days a week)
Contract Duration: 12+ Months
No. of Openings: 10
Required Experience Level: 12+ Years
Key Responsibilities:
- Perform manual and automated penetration testing of web and mobile applications.
- Lead security assessments using DAST and SAST tools (e.g., Burp Suite, ZAP, Checkmarx, AppScan, WebInspect, Acunetix).
- Evaluate and secure cloud environments (AWS and Azure) including EC2, S3, RDS, VNets, and Azure DevOps pipelines.
- Conduct API security reviews, enforce secure coding practices, and validate implementations against best practices.
- Perform code reviews in Python, Java, PHP, Perl, and Objective-C to identify vulnerabilities.
- Provide architecture-level feedback on SSL/TLS, networking, load balancing, and ACL configurations.
- Develop and maintain Application Security Programs with a focus on CI/CD integration and secure SDLC.
- Lead scoping calls with stakeholders, define testing approaches, and present findings/reports.
- Actively research emerging exploits and contribute to vulnerability discovery (e.g., CTF, Hack the Box).
- Collaborate with engineering and product teams to ensure remediation strategies are adopted.
Required Skills:
- Strong knowledge of OWASP Top 10, NIST, and secure SDLC.
- Proficiency in penetration testing tools: Burp Suite, Metasploit, ZAP, Checkmarx, AppScan.
- Hands-on cloud security expertise in AWS (EC2, S3, RDS, KMS) and Azure security architecture.
- Strong programming background in Python, Java, PHP, Perl, Objective-C for code review and exploit development.
- In-depth knowledge of network security concepts: SSL/TLS, TCP/IP, ACLs, routing, load balancing.
- Familiarity with LAMP, LEMP, and MEAN stacks from a security perspective.
- Excellent communication skills for both technical and business stakeholders.
Required Certifications: OSCP / OSWA / CEH, or SANS (GWAPT, GPEN, GWEB)