NYC only // Senior Cybersecurity Web Application Penetration Tester


  • Web Testing
  • Scripting
  • Nmap
  • Scripting language
  • Metasploit
  • Cyber security
  • Access control
  • Law
  • Web applications
  • Insurance

Job Description

A Business Law Firm with 10,000 employees is looking for a NYC based pen tester to join their application security team. The role is majority remote, though the cybersecurity team is based in NYC and we're looking for someone who can occasionally come into our Manhattan office (maybe once a month).

This position will be focused on testing web applications for security vulnerabilities and validating findings from our bug bounty program. You'll be working with other security engineers as well as advising the development team on how to remediate security vulnerabilities.

  • At least 4 years in web application penetration testing experience
  • Experience detecting cross-site scripting vulnerabilities, broken access controls or other spurious security configurations
  • Experience with any major scripting language
  • Comfort with both manual and automated pentesting, with tools like Burp Suite, OWASP ZAP, Nmap, and Metasploit

  • 401k plan with a variety of options and matching
  • 4 weeks vacation
  • Strong insurance package
  • Paid professional development
  • Flexible hours