Apply Now

Web Application Pentester (Application Security SME)/Remote

Remote • Posted 3 hours ago • Updated 3 hours ago

Contract W2

Contract Corp To Corp

Contract Independent

No Travel Required

Remote

Depends on Experience

Fitment

Dice Job Match Score™

🫥 Flibbertigibetting...

Job Details

Skills

Web Application Pentester (Application Security SME)

Summary

Job Title: Web Application Pentester (Application Security SME)

Location: Remote

Experience: 4–8 years

Job Summary

We are seeking an experienced Web Application Pentester and Application Security SME to identify, assess, and remediate security vulnerabilities in web applications. The role involves hands-on penetration testing, secure code review, and guiding development teams on best security practices.

Key Responsibilities

Perform manual and automated penetration testing on web applications, APIs, and services
Identify vulnerabilities such as OWASP Top 10 issues (e.g., XSS, SQL Injection, CSRF, IDOR)
Conduct secure code reviews and threat modeling exercises
Provide detailed vulnerability reports with risk ratings and remediation guidance
Work closely with developers to fix security issues and improve secure coding practices
Integrate security testing into CI/CD pipelines (DevSecOps practices)
Assist in defining and enforcing application security standards and policies
Stay updated on emerging threats, tools, and techniques

Required Skills

Strong experience in web application penetration testing
Deep understanding of OWASP Top 10 and common web vulnerabilities
Proficiency with tools like Burp Suite, OWASP ZAP, Nmap, etc.
Knowledge of HTTP/HTTPS, REST APIs, authentication mechanisms (OAuth, JWT, SSO)
Experience with scripting (Python, Bash, or similar)
Familiarity with secure coding practices across languages (Java, JavaScript, etc.)
Understanding of SDLC and security integration (DevSecOps)

Preferred Skills

Experience in API security testing
Knowledge of cloud security (AWS, Azure, Google Cloud Platform)
Familiarity with container security (Docker, Kubernetes)
Experience with SAST/DAST tools
Bug bounty or real-world vulnerability disclosure experience

Certifications (Good to Have)

OSCP, CEH, GWAPT, or similar AppSec certifications

Soft Skills

Strong analytical and problem-solving skills
Effective communication and report-writing abilities
Ability to work with cross-functional teams

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

Dice Id: 10513292
Position Id: 72404-12895-
Posted 3 hours ago

Create job alert

Never miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Security Test Specialist

Remote

•

3d ago

Job Title:Security Test Specialist Location:Remote Duration: long term Job ID:4CI -7610 Required Qualifications: Perform security testing using both manual and automated techniques to identify vulnerabilities Conduct Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) Execute penetration testing and vulnerability assessments on web applications and systems Analyze authentication and authorization mechanisms to ensure secure access controls P

Easy Apply

Full-time, Third Party

Depends on Experience

Application Security Engineer

Remote or Parsippany-Troy Hills, New Jersey

•

19d ago

Description: Duties: Summary: Client is seeking an Application Security Consultant to join the greater Information Security Team and help advance our enterprise application security program. This role will play a critical part in the design, build, and operation of security capabilities that protect Wyndham s web, mobile, and cloud-native applications. The position requires broad application security experience across secure development practices, code analysis, cloud security, and production p

Easy Apply

Contract

$80 - $90

Application Security

Remote or Hybrid in Parsippany-Troy Hills, New Jersey

•

Today

Application Security Location: Parsippany, NJ (Hybrid) Or Remote Duration: 3 Months + Description: 3+ years of offense and defense application security experience with demonstrated hands-on expertise in SAST and SCA tools such as Checkmarx and Synk, including findings triage, ruleset tuning, and managing vulnerability lifecycle across enterprise environmentsStrong understanding of OWASP Top Ten and broader web and API vulnerabilities, including practical remediation techniques within enterprise

Easy Apply

Contract

$70 - $75

Senior Application Security / Product Security Engineer

Remote

•

Today

A global energy company is looking to bring on a hands on a Senior Application Security Engineer to be part of a team building out their AppSec program from the ground up. This role is highly technical, and requires candidates with previous experience working in OT and/or embedded/software product environments. You'll perform code reviews, conduct SAST/DAST/SCA scans, identify vulnerabilities in software, firmware, and OT systems, while supporting product security incident response activities. Y

Easy Apply

Contract

$70 - $90

Search all similar jobs