Web Application Security Test Engineer (W2)

Job Title: Web Application Security Test Engineer (W2)

Locations: Seattle, WA / Addison, TX (5 days onsite)

Duration: 12+ months contract

Job Description:

• This is a Web Application Security Testing role, not a penetration testing position. The focus is on candidates who have hands-on experience testing real enterprise-level web applications (such as banking platforms or other large-scale applications), rather than performing generic or exploratory penetration testing.
• The ideal candidate must have a deep understanding of OWASP Top 10 vulnerabilities, including the ability to clearly explain the root cause of each vulnerability, how to test for it, and how to fix it.
• Strong knowledge of SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) is the key on this role, along with hands-on experience using tools like Burp Suite and similar security testing platforms.
• A key requirement of the role is strong expertise in authentication and authorization testing, including areas such as login systems, password-based authentication, multi-factor authentication (MFA/OTP), biometrics, and understanding potential failure points within these flows.
• Beyond identifying vulnerabilities, the candidate must act as a security advisor to development teams. This means not only detecting issues but also being able to explain the root cause, recommend solutions, and guide developers on how to remediate them effectively.

In short, they need a Web Application Security expert who can deeply understand vulnerabilities, test them in real enterprise systems, and guide developers on fixing them, not just a penetration tester.

• Deep understanding of different web application technologies, web protocols (HTTP, HTTPS, etc.), browser technologies, etc.
• In depth domain understanding of application security in terms of Identity and Access Management (IAM), different authentication technologies (passwords, biometrics, OTP, digital certificates & PKI, device authentication, FIDO U2F/Passkeys, etc.
• Proven expertise on different security testing tools (Proxy tools like Fiddler, Black box security testing tools like Burp, Static Security Code analysis tools,
• Deep understanding of different application security vulnerabilities such as OWASP Top 10, SANS Top 25, CWE, attack patterns (CAPEC), etc.
• Bachelor''s Degree in Computer Science or equivalent experience.
• Must be self-directed, able to work independently, as well as work in a team-oriented and fast paced environment

Best Regards,

Ashish Singh

Truehire Staffing,

5900, Balcones Drive Suit 100, Austin, TX, 78731

Email ID: 

Web: