Penetration Tester

Motion Recruitment
Plano, United States of America
yesterday

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Plano, United States of America

Tech stack

Microsoft Windows
API
Application Firewall
Software System Penetration Testing
User Authentication
Burp Suite
Control Objectives for Information and Related Technology (COBIT)
Cross-Site Request Forgery
Linux
Cryptographic Protocols
Monitoring of Systems
Intrusion Detection and Prevention
Intrusion Detection Systems
Nmap
Open Web Application Security
SQL Injection
Web Applications
Endpoint Security
Software Security
MITRE ATT&CK
Cross-Site Scripting (XSS)
Metasploit
Web API

Job description

Daily Responsibilities

  • Conduct web application and API penetration tests as the primary focus, applying deep manual testing techniques beyond automated scanning
  • Assess and articulate the true business and financial impact of discovered vulnerabilities - going beyond CVSS scores to communicate real-world risk to stakeholders
  • Triage, validate, and contextualize vulnerability reports - particularly in environments where reporter incentives may not align with actual organizational risk (e.g., bug bounty program submissions)
  • Drive all phases of penetration test engagements
  • Perform manual testing and identify vulnerabilities such as Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), SQL Injection, privilege escalations, authentication weaknesses, access control weaknesses, use of insecure cryptographic protocols, and security misconfigurations

Requirements

  • 5+ years of hands-on experience in a technical security role with a strong emphasis on web application penetration testing and AppSec
  • Skilled in performing penetration tests on web APIs and mobile apps before release
  • Experience conducting manual API and mobile penetration tests using Burp Suite
  • Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws, etc.
  • Advanced knowledge of security tools (Burp Suite, Metasploit, Cobalt Strike, Empire, Nmap, etc.) and multiple operating systems (e.g., Windows, Linux)

Desired Skills & Experience

  • Experience aligning offensive security findings to frameworks and control objectives: MITRE ATT&CK, NIST CSF, OWASP, ISO 27001, CIS
  • Familiarity with defensive and monitoring technologies such as intrusion prevention/detection systems (IPS/IDS), web application firewalls (WAF), security information and event management systems (SIEMs), and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA)

Benefits & conditions

  • Medical Insurance - Four medical plans to choose from for you and your family
  • Dental & Orthodontia Benefits
  • Vision Benefits
  • Health Savings Account (HSA)
  • Health and Dependent Care Flexible Spending Accounts
  • Voluntary Life Insurance, Long-Term & Short-Term Disability Insurance
  • Hospital Indemnity Insurance
  • 401(k) including match with pre and post-tax options
  • Paid Sick Time Leave
  • Legal and Identity Protection Plans
  • Pre-tax Commuter Benefit
  • 529 College Saver Plan

About the company

Our client is a Fortune 50 company and a large name in the food and beverage industry. Based out of Plano, TX, they are looking to hire a Penetration Tester focused on Web Applications on a contractual basis.
