Web Application Penetration Tester

Overview

Hybrid
Depends on Experience
Contract - W2
Contract - 12 Month(s)

Skills

OWASP
Linux
Windows
penetration
web application
penetration testing
Java
Spring
Oracle
vulnerabilities

Job Details

Position: Web Application Penetration Tester
Engagement: 12-month contract
Location: Hybrid / Onsite as required (Pleasanton, California)

Role Overview

We are seeking a highly skilled Web Application Penetration Tester to lead manual penetration testing for a mission-critical, internally developed web application. The tester will identify vulnerabilities, validate risks, recommend remediation steps, and work closely with development teams to ensure secure design and implementation.

This is a hands-on, technical security role that also involves mentoring development teams in secure coding best practices.

Key Responsibilities

Penetration Testing & Application Security

  • Perform manual penetration testing on enterprise web applications.
  • Identify, validate, and exploit vulnerabilities across the application stack.
  • Document findings, risk severity, and detailed remediation recommendations.
  • Re-test vulnerabilities after fixes are implemented and validate effectiveness.
  • Develop or leverage scripts/automation to re-run security test cases.
  • Plan, manage, and execute the entire penetration testing lifecycle.

Collaboration & Development Support

  • Partner with developers to guide secure remediation practices.
  • Assist with secure application design, code reviews, and architecture reviews.
  • Work with cross-functional teams including QA, Business, and Operations.
  • Support users in developing test cases, understanding behavior, and troubleshooting.

Mentoring & Knowledge Transfer

  • Mentor development teams in secure coding practices (e.g., OWASP, threat modeling).
  • Deliver informal and structured security training sessions.
  • Support skill-building initiatives to strengthen internal security capabilities.

Documentation & Reporting

  • Produce high-quality penetration testing reports and technical documentation.
  • Provide regular status updates on testing progress, risks, and remediation timelines.
  • Maintain structured tracking of testing activities and mentoring progress.

Must-Have Requirements

  • Advanced knowledge of web application penetration testing.
  • Extensive hands-on experience identifying, exploiting, and remediating vulnerabilities in web applications.
  • In-depth knowledge of OWASP Top 10 and related security frameworks.
  • Proficient knowledge of Java, Spring, and Oracle (ability to review code and understand architectural risks).
  • Working knowledge of Linux and Windows operating environments.

Additional Technical Skills

  • Experience testing enterprise-class, multi-tier applications.
  • Familiarity with common testing tools and methodologies.
  • Ability to write or adapt security test automation scripts.
  • Understanding of secure SDLC processes and secure coding practices.

Professional Skills

  • Excellent written and verbal communication.
  • Ability to explain complex security issues to both technical and non-technical stakeholders.
  • Strong analytical and problem-resolution skills.
  • Self-motivated and capable of learning new systems quickly.
  • Strong collaboration skills; capable of independent work with minimal supervision.
  • Ability to manage multiple tasks and meet deadlines.

Core Competencies

  • Integrity and sound judgment
  • Strategic thinking
  • Adaptability and innovation
  • Commitment to quality
  • Effective communication and influence
  • Ability to work both independently and as part of a team

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.