Penetration Tester / Security Engineer

Overview

On Site
Depends on Experience
Contract - W2
Contract - 12 Month(s)

Skills

Penetration Testing
Web Application Security
Mobile Security
Burp Suite
Metasploit
OWASP Top 10
ZAP
Checkmarx
AppScan
WebInspect
Acunetix
Secure SDLC
CI/CD Security
Python
Java
PHP
Perl
Objective-C
AWS Security
Azure Security
EC2
S3
RDS
KMS
Azure DevOps
SSL/TLS
TCP/IP
Load Balancing
ACL
NIST
LAMP Stack
LEMP Stack
MEAN Stack
API Security
Network Security
DAST
SAST
Code Review
Vulnerability Assessment
Cybersecurity
Cloud Security
OSCP
CEH
GPEN
GWAPT
GWEB

Job Details

Job Title: Penetration Tester / Security Engineer
Location: Minnetonka, MN (Hybrid: 3 days/week onsite after initial 4-6 weeks remote)
Experience: 14+ Years
Contract Duration: 12+ Months

We are seeking a highly skilled Penetration Tester/Security Engineer with deep expertise in manual and automated testing, cloud security, and secure SDLC practices. This role involves working closely with product and engineering teams to identify and remediate vulnerabilities across applications and infrastructure, including cloud environments.

Key Responsibilities:

  • Conduct manual and automated penetration testing of web and mobile applications.

  • Lead vulnerability assessments using DAST and SAST tools such as Burp Suite, ZAP, Checkmarx, AppScan, and WebInspect.

  • Perform API security assessments and guide teams on secure coding practices.

  • Review source code in Python, Java, PHP, Perl, and Objective-C to identify security issues.

  • Evaluate cloud environments (AWS, Azure) and enforce security controls across EC2, S3, RDS, VNets, and CI/CD pipelines.

  • Provide architecture-level recommendations for secure networking (SSL/TLS, ACLs, load balancing).

  • Develop and manage Application Security Programs integrated into CI/CD and secure SDLC.

  • Lead security testing scope discussions and present findings/reports to technical and business stakeholders.

  • Stay up to date on emerging threats and exploits; contribute to vulnerability research and discovery (e.g., CTFs, Hack the Box).

  • Collaborate cross-functionally to ensure identified issues are remediated effectively.


Required Skills:

  • Strong knowledge of OWASP Top 10, NIST standards, and secure SDLC methodologies.

  • Hands-on experience with penetration testing tools: Burp Suite, Metasploit, ZAP, Checkmarx, AppScan.

  • Solid understanding of AWS and Azure security controls (EC2, S3, RDS, KMS, VNets, DevOps pipelines).

  • Programming skills for secure code review and exploit development in Python, Java, PHP, Perl, and Objective-C.

  • Strong grasp of network security concepts: SSL/TLS, TCP/IP, ACLs, routing, and load balancing.

  • Familiarity with LAMP, LEMP, and MEAN stack architectures from a security standpoint.

  • Excellent communication and reporting skills.

Certifications:

  • OSCP, OSWA, CEH, or relevant SANS certifications (GWAPT, GPEN, GWEB)


About Care IT Services Inc