Security Engineer III (Pen Tester)
- Engagement scoping & planning: Partner with stakeholders to define objectives, rules of engagement, in-scope assets, testing windows, and success criteria; ensure testing is authorized and safely executed.
- Reconnaissance & enumeration: Perform passive and active discovery of attack surface, services, endpoints, APIs, and misconfigurations; map trust boundaries and data flows.
- Manual application testing: Conduct deep testing of web apps, mobile apps (as applicable), and application programming interfaces (APIs), aligned to OWASP Top 10 and common design/implementation flaws.
- Vulnerability validation & exploitation: Safely verify findings and demonstrate impact (where permitted), including:
  - Cross-site scripting (XSS)
  - SQL injection (SQLi)
  - Cross-site request forgery (CSRF)
  - Server-side request forgery (SSRF)
  - Authentication and authorization flaws (e.g., broken access control, privilege escalation)
  - Session management issues, insecure deserialization, security misconfiguration, and business logic vulnerabilities
- Network and infrastructure testing: Identify and validate weaknesses such as exposed services, weak segmentation, insecure protocols, credential issues, and misconfigurations across on-prem and cloud assets.
- Post-exploitation analysis (when in scope): Assess blast radius, lateral movement paths, sensitive data exposure, and persistence risks; collect evidence responsibly and minimize operational impact.
- Reporting & remediation support: Deliver clear reports including reproduction steps, risk ratings, evidence, and prioritized fixes; communicate effectively with both engineers and non-technical stakeholders; retest fixes as needed.
- Ability to work independently and collaborate as part of a team
- Effective written and verbal communication skills
- Meticulous attention to detail and quality of work product
- Ability to build and sustain professional relationships
- Ability to lead projects or workstreams
- Ability to manage and prioritize multiple tasks in a fast-paced and dynamic environment
- Strong interpersonal skills and professional demeanor
- Ability to meet deadlines
- Ability to provide clear guidance to others
- Bachelor's degree required.
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
- Must be able to obtain and maintain the required clearance for this role.
- 3+ years of hands-on experience in penetration testing, to include the following:
  - Strong understanding of web application security, OWASP Top 10, and modern attack techniques against web apps and APIs.
  - Proficiency with industry-standard tools such as Burp Suite, Nmap, Metasploit, and scripting for automation (e.g., Python/PowerShell/Bash), plus comfort writing lightweight proof-of-concepts.
  - Demonstrated ability to distinguish false positives vs. exploitable issues, document evidence, and provide pragmatic, developer-friendly remediation guidance.
  - Familiarity with common auth patterns (OAuth 2.0, OpenID Connect, SAML), API paradigms (REST/GraphQL), and modern app architectures (microservices, containers) is strongly preferred.
  - Certifications such as OSCP, OSWEP, CRTO, or eJPT (eLearnSecurity Junior Penetration Tester) are highly desirable.
- 1+ years of experience within the following:
  - Experience with mobile (Android/iOS) testing, cloud penetration testing (AWS/Azure/GCP), or CI/CD and supply chain testing.
  - Relevant certifications (examples: OSCP, GWAPT, GPEN, PNPT) or equivalent proven experience.
  - Proven experience with adversary simulation, adversary emulation, or red team operations.