Application Penetration Tester II

Job Title: Application Security Tester (Mid-Level)
Employment Type: Full-Time
Location: Onsite – Washington, DC
Work Authorization: Must be authorized to work in the U.S. (no sponsorship available)

Overview

We are seeking a mid-level Application Security Tester. The ideal candidate will have strong communication skills, a passion for innovation, and the ability to solve complex problems in a collaborative environment. This role involves hands-on security testing of web and mobile applications, including code reviews and validation of security controls.

Key Responsibilities

• Perform security assessments on web and mobile applications, including penetration testing and vulnerability analysis.
• Conduct source code reviews and provide actionable security recommendations.
• Utilize static and dynamic analysis tools to identify and remediate vulnerabilities.
• Integrate security testing into CI/CD pipelines and development workflows.
• Validate security controls for applications and backend services.
• Document and communicate findings to technical and non-technical stakeholders.
• Stay current with emerging threats and testing methodologies.
• Contribute to internal tooling and process improvements.

Required Qualifications

• Strong understanding of application, network, and system security principles.
• Proficiency with Windows and Linux environments.
• Familiarity with programming languages such as Python, Java, C#, or similar.
• Hands-on experience with tools like Burp Suite, OWASP ZAP, and other SAST/DAST/SCA platforms.

Preferred Qualifications

• Experience with mobile app security testing and reverse engineering.
• Knowledge of container and cloud security (Docker, Kubernetes, AWS, Azure).
• Industry certifications such as OSCP, GWAPT, GPEN, or similar.
• Contributions to the security community (e.g., open-source, research, bug bounties).
• Experience with API security testing and automation.