Application Penetration Tester (PCI DSS / HITRUST / Network Segmentation) - Remote - USA

Overview

Remote
$40 - $45
Contract - W2
Contract - Independent
Contract - 4 Month(s)

Skills

Penetration Testing
PCI DSS
HIPAA
OWASP
POSTMAN
Qualys
Nessus
Burp Suite
cloud
HITRUST
Network Segmentation
Pen testing
pen tester
penetration tester

Job Details

Job Title: Application Penetration Tester (PCI DSS / HITRUST / Network Segmentation)

Location: 100% REMOTE - USA

Duration: 4 Months

Overview

We are seeking an experienced Application Penetration Tester to join our cybersecurity and compliance team. The ideal candidate will have strong expertise in web and API security testing, network segmentation, and compliance frameworks such as PCI DSS and HITRUST. This role involves assessing application and infrastructure security, identifying vulnerabilities, recommending remediation strategies, and supporting regulatory compliance initiatives.

Key Responsibilities

Conduct web, API, and mobile application penetration tests following OWASP Top 10 and industry best practices.

Perform threat modeling, static and dynamic analysis (SAST/DAST), and exploit validation.

Lead PCI DSS segmentation validation to ensure the Cardholder Data Environment (CDE) is properly isolated.

Support HITRUST certification activities, including risk assessments, control testing, and documentation.

Collaborate with network engineers to design and enforce network segmentation and micro-segmentation strategies aligned with zero-trust principles.

Provide detailed vulnerability reports with proof of concept (PoC) and actionable remediation guidance.

Assist with secure SDLC integration, helping development teams address security findings early in the lifecycle.

Coordinate with auditors, QSAs, and internal compliance teams to maintain continuous PCI DSS and HITRUST readiness.

Conduct retesting and verification of resolved vulnerabilities.

Stay current on emerging threats, exploits, and compliance requirements.

Required Qualifications

Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience).

3-5+ years of experience in application penetration testing or red teaming.

Strong understanding of PCI DSS, HITRUST CSF, and other regulatory frameworks (HIPAA, NIST 800-53, ISO 27001).

Proven experience with network segmentation, firewall rule validation, and micro-segmentation projects.

Proficiency with tools such as Burp Suite, Nmap, Metasploit, OWASP ZAP, Wireshark, Nessus, Qualys, and Postman.

Familiarity with cloud environments (AWS, Azure, Google Cloud Platform) and their security configurations.

Excellent analytical, communication, and documentation skills.


About TechVirtue LLC