Penetration Tester

Dragonfli Group

full-time

Posted on: 3/18/2026

Location Type: Remote

Location: United States

Visit company website

Explore more

QA Engineer jobs

✨ AI Apply

Apply

Job Level

Mid-Level Senior

Tech Stack

Android AWS Azure Cloud Google Cloud Platform GraphQL iOS Microservices Python

About the role

Engagement Scoping & Planning: Partner with stakeholders to define objectives, rules of engagement, and success criteria to ensure safe execution.
Reconnaissance & Enumeration: Perform passive and active discovery of attack surfaces, services, and APIs to map trust boundaries.
Manual Application Testing: Conduct deep testing of web and mobile apps aligned with OWASP Top 10 and common design flaws.
Vulnerability Validation: Safely verify findings such as XSS, SQLi, CSRF, SSRF, and broken access control to demonstrate real-world impact.
Network & Infrastructure Testing: Identify weaknesses in exposed services, insecure protocols, and misconfigurations across hybrid environments.
Post-Exploitation Analysis: Assess blast radius, lateral movement paths, and persistence risks while minimizing operational impact.
Reporting & Remediation: Deliver clear technical reports with reproduction steps and prioritized fixes for both engineers and leadership.

Requirements

Strong understanding of web application security and modern attack techniques.
Demonstrated ability to distinguish false positives from exploitable issues.
Proven experience documenting evidence and providing pragmatic remediation guidance.
Ability to operate within strict rules of engagement and ethical safety constraints.
U.S. Citizenship or Permanent Residency (Green Card).
Previous experience supporting federal contracting environments.
Experience with mobile (Android/iOS) or cloud penetration testing (AWS/Azure/GCP).
Experience with CI/CD and supply chain security testing.
Familiarity with modern app architectures like microservices and containers.
Offensive Tools: Burp Suite, Nmap, Metasploit.
Scripting/Automation: Python, PowerShell, or Bash for lightweight proof-of-concepts.
Security Frameworks: OWASP Top 10, OWASP ASVS.
Authentication Patterns: OAuth 2.0, OpenID Connect, SAML.
API Paradigms: REST, GraphQL.
Relevant Certifications: OSCP, GWAPT, GPEN, PNPT (or equivalent).

Benefits

Insurance - health, dental, and vision
Paid Time Off (PTO) and 11 Federal Holidays
401(k) employer match

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

web application securitypenetration testingvulnerability validationmanual application testingscriptingcloud penetration testingCI/CDsupply chain security testingAPI testingnetwork testing

Soft Skills

stakeholder engagementdocumentationremediation guidanceethical safetyanalytical skillscommunicationproblem-solvingattention to detailcollaborationcritical thinking

Certifications

OSCPGWAPTGPENPNPT