Overview
Hybrid, 3 days onsite per week
$60 - $70
Full Time
No Travel Required
Skills
GPEN
IBM Security AppScan
OWASP
Penetration Testing
Testing
Job Details
Job Title: Information Security / Application Security / Penetration Tester
Contract: 12 months, W2 only
Position Overview:
We are seeking an experienced Application Penetration Tester to join our team on a contract basis. In this role, you will be responsible for performing security assessments of web applications and APIs, identifying vulnerabilities, and working closely with development and security teams to ensure timely and effective remediation.
Key Responsibilities:
- Perform application penetration testing on web applications and APIs to identify security defects, vulnerabilities, and weaknesses.
- Utilize both manual penetration testing techniques and automated tools to conduct thorough security assessments.
- Configure and optimize automated security scanning tools to ensure accurate and efficient test execution.
- Conduct defect analysis, including reviewing and validating automated scan results, triaging issues, and identifying false positives.
- Document findings and generate detailed technical reports highlighting identified vulnerabilities, risk levels, and recommended remediation steps.
- Collaborate with development and security teams to ensure clear understanding of security defects and remediation strategies.
- Provide guidance on secure coding best practices and assist in addressing recurring security risks.
Required Skills & Qualifications:
- Strong hands-on experience in Application Penetration Testing for web applications and APIs.
- Proficiency in Dynamic Application Security Testing (DAST) methodologies and tools.
- Experience with common web application vulnerabilities (e.g., OWASP Top 10) and API security issues.
- Familiarity with configuring and operating industry-standard automated security scanning tools (e.g., Burp Suite, OWASP ZAP, AppScan, Acunetix).
- Strong analytical skills to review, validate, and triage automated scan results.
- Excellent written and verbal communication skills for creating clear, concise, and technically detailed reports.
- Ability to work collaboratively with cross-functional teams to facilitate vulnerability remediation.
Preferred Qualifications:
- Knowledge of Static Application Security Testing (SAST) and Secure Software Development Lifecycle (SSDLC) practices.
- Experience with scripting or automation for security testing (e.g., Python, Bash).
- Relevant industry certifications such as OSCP, OSWE, GWAPT, CEH, GPEN or similar.
EEO:
Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.