Penetration Tester (15 Years of Experience)

Overview

On Site
$70 - $72
Contract - W2
Contract - 12 Month(s)

Skills

AWs
Azure
Ec2
s3

Job Details

Hello,

This is Archana from Hanker Systems Inc. I'm trying to reach you regarding the role Penetration tester.

Role: Penetration Tester

Requirement ID: 72054

Location: Minnetonka, MN (Hybrid- 3 Days a week)

Contract Duration: 12+ Months

Rate: $72/hr on w2 with no benefits or $80/hr on c2c

Client: UHG (United Health Group)

If H1-B - 15+ years of exp only

Key Responsibilities

  • Perform manual and automated penetration testing of web and mobile applications.
  • Lead security assessments using DAST and SAST tools (e.g., Burp Suite, ZAP, Checkmarx, AppScan, WebInspect, Acunetix).
  • Evaluate and secure cloud environments (AWS and Azure) including EC2, S3, RDS, VNets, and Azure DevOps pipelines.
  • Conduct API security reviews, enforce secure coding practices, and validate implementations against best practices.
  • Perform code reviews in Python, Java, PHP, Perl, and Objective-C to identify vulnerabilities.
  • Provide architecture-level feedback on SSL/TLS, networking, load balancing, and ACL configurations.
  • Develop and maintain Application Security Programs with a focus on CI/CD integration and secure SDLC.
  • Lead scoping calls with stakeholders, define testing approaches, and present findings/reports.
  • Actively research emerging exploits and contribute to vulnerability discovery (e.g., CTF, Hack the Box).
  • Collaborate with engineering and product teams to ensure remediation strategies are adopted.

Required Skills

  • 14 Years of experience.
  • Strong knowledge of OWASP Top 10, NIST, and secure SDLC.
  • Proficiency in penetration testing tools: Burp Suite, Metasploit, ZAP, Checkmarx, AppScan.
  • Hands-on cloud security expertise in AWS (EC2, S3, RDS, KMS) and Azure security architecture.
  • Strong programming background in Python, Java, PHP, Perl, Objective-C for code review and exploit development.
  • In-depth knowledge of network security concepts: SSL/TLS, TCP/IP, ACLs, routing, load balancing.
  • Familiarity with LAMP, LEMP, and MEAN stacks from a security perspective.
  • Excellent communication skills for both technical and business stakeholders.

Required Certifications

  • OSCP / OSWA / CEH, or SANS (GWAPT, GPEN, GWEB)
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.