Location: Charlotte, NC
Salary: $60.00 USD Hourly - $65.00 USD Hourly
Description: Application Penetration TesterWe are not accepting C2C or 1099 arrangements.OverviewWe are seeking an Application Penetration Tester to identify, validate, and exploit security vulnerabilities through hands-on, manual testing across a wide range of application technologies. This role requires deep technical expertise, curiosity, and the ability to go beyond automated tools to uncover meaningful security risks and drive remediation.
You will play a key role in strengthening application security by delivering high-confidence findings, collaborating with development teams, and improving testing methodologies.
Responsibilities- Conduct manual penetration testing across:
- Web applications (browser-based)
- APIs
- Mobile applications
- (Optional) mainframe and thick client applications
- Perform authentication, authorization, and business logic testing to identify real-world attack scenarios
- Use automated tools to support testing while prioritizing manual techniques for accuracy and depth
- Reproduce and validate vulnerabilities, including chained attack paths where applicable
- Analyze and triage findings, including filtering false positives from scanning tools
- Create clear, reproducible technical reports with:
- Step-by-step reproduction details
- Impacted systems or endpoints
- Risk assessment and business impact
- Practical remediation recommendations
- Partner closely with application and security teams to:
- Explain findings
- Prioritize remediation efforts
- Support vulnerability resolution and retesting
- Contribute to improving penetration testing practices, tools, and processes
- Participate in peer reviews and knowledge sharing across the team
- Communicate security risks effectively to both technical and non-technical stakeholders
Minimum Qualifications- 2+ years of experience in cybersecurity research or related experience (work, education, or military)
- 2+ years of hands-on manual application penetration testing experience
- 2+ years of experience with Dynamic Application Security Testing (DAST) tools, including configuration and validation of findings
Preferred Qualifications- Experience with industry-standard tools such as:
- Burp Suite
- Invicti
- WebInspect
- Fiddler
- Strong understanding of application security concepts and vulnerabilities (e.g., OWASP Top 10)
- Experience with scripting or automation (e.g., Python, Shell)
- Knowledge of compliance frameworks and standards (e.g., PCI DSS, GDPR)
- Familiarity with security risks in AI/ML-enabled applications (e.g., prompt injection, data exposure)
- Strong analytical, problem-solving, and communication skills
- Ability to collaborate effectively across cross-functional teams
- Industry certifications (OSCP, BSCP, GWAPT, GPEN, GXPN, or equivalent)
Work Environment & Logistics- Work Schedule: Monday-Friday (8:00 AM - 5:00 PM, flexible within consistent hours)
- Work Model: Hybrid (3 days onsite, 2 days remote)
- Locations: Charlotte, NC (primary) and additional hubs including Dallas, Minneapolis, Chandler, Des Moines, Columbus, Raleigh, San Antonio, and Washington, DC
- Visa Sponsorship: Not available
By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.
Contact: This job and many more are available through The Judge Group. Please apply with us today! 
Never miss an opportunity! Create an alert based on the job you applied for.