We are seeking a focused and highly motivated Web Application Penetration Tester to identify and mitigate security risks within our Secure Software Development Lifecycle (SSDLC). In this role, you will act as a key technical evaluator, conducting application-layer penetration tests and security architecture reviews across our web, API, and cloud ecosystems.
As a mid-level Subject Matter Expert (SME), you will bridge the gap between development and security, ensuring that vulnerabilities are discovered, prioritized, and remediated. This is a hands-on technical role that requires critical thinking and the ability to communicate risk effectively to various stakeholders.
Credential Requirements & Workspace Status
Work Arrangement: This position is 100% on-site in Dallas, TX, starting from the first day of employment. Full-time physical presence is mandatory.
Mandatory Certifications: Candidates must hold at least one of the following industry-recognized certifications: GWAPT (GIAC Web Application Penetration Tester), GPEN (GIAC Penetration Tester), OSCP (Offensive Security Certified Professional), or eWPT (eLearnSecurity Web Pentester).
Key Responsibilities
Vulnerability Assessment & Penetration Testing
- Execute targeted application security penetration tests to identify flaws in software design and technical implementation.
- Perform security assessments on APIs and cloud-integrated systems to ensure robust data protection and authentication.
- Utilize manual and automated testing techniques to discover vulnerabilities such as injection flaws, broken access control, and cryptographic failures.
Security Architecture & Consultation
- Review technical design documentation early in the development phase to ensure security requirements are properly incorporated.
- Assess emerging security standards and authentication protocols to determine where they can extend or improve current organizational capabilities.
- Provide clear, actionable guidance on security design patterns for web and cloud-based applications.
Advocacy & Collaboration
- Partner with technology SMEs to define and formalize the security policies needed to build and support secure application services.
- Facilitate a "Security First" culture by promoting application security awareness and secure coding best practices among development teams.
- Communicate findings and security concepts clearly to both technical developers and management-level stakeholders.
Required Qualifications
Experience: 3–5 years of professional experience in Information Security, with a significant focus on application penetration testing or secure code review.
Technical Proficiency:
- Strong working knowledge of the OWASP Top 10 and common web exploitation techniques.
- Hands-on experience with industry-standard tools (e.g., Burp Suite, OWASP ZAP, Postman).
- Familiarity with modern authentication protocols (OAuth2, OIDC, SAML).
Analytical Skills: Ability to think critically, solve problems independently, and prioritize remediation efforts based on risk.
Communication: Excellent written and verbal skills for documenting technical findings and presenting them to non-security audiences.
Education: Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent work experience).