Lead dynamic penetration testing against mobile, API, and web applications and information systems.
Identify vulnerabilities and use manual exploitation techniques to demonstrate business impact.
Deliver clear, actionable reports outlining findings, vulnerability scoring, and remediation guidance for both technical and non‑technical audiences.
Continuously enhance testing methodologies by researching emerging threats, tools, and techniques.
Support team initiatives such as process optimization, tool/script development, and knowledge sharing.

Requirements

Bachelor’s degree in Engineering or Science, or equivalent work experience.
Eight or more years of experience in information security.
Two or more years of experience in: IT infrastructure management, Application architecture, Risk management, Data architecture, Middleware technology, IT operations and project management
5+ years of hands‑on experience with Android and iOS testing methodologies.
Familiarity with platform‑specific risks, OWASP MASVS, and MASTG.
Deep understanding of OWASP Top 10, API Security Top 10, and SANS Top 25 vulnerabilities.
Advanced proficiency with Burp Suite Pro, Postman/Insomnia, and custom scripts.
Skilled in identifying business logic flaws, access control issues, and chaining exploits.
Experience testing in AWS, Azure, containerized environments, and Kubernetes.
Familiarity with cloud‑native tools such as AWS Inspector, Azure Defender, and ScoutSuite.
Strong scripting skills (Python, PowerShell, Bash, Ruby, Go).
Solid understanding of HTTP/S, OAuth, SAML, JWT, TCP/IP, DNS, firewalls, and IDS/IPS.
Ability to conduct threat modeling and risk assessments to prioritize testing and communicate business impact.
Knowledge of PCI‑DSS, HIPAA, NIST 800‑53, ISO 27001, and FedRAMP.
Excellent written and verbal communication skills.
Proven ability to lead engagements, manage stakeholder expectations, and mentor junior testers.

Benefits

Healthcare (medical, dental, vision)
Basic term and optional term life insurance
Short-term and long-term disability
Pregnancy disability and parental leave
401(k) and employer-funded retirement plan
Paid vacation (from two to five weeks depending on salary grade and tenure)
Up to 11 paid holiday opportunities
Adoption assistance
Sick and Safe Leave accruals of one hour for every 30 worked, up to 80 hours per calendar year unless otherwise provided by law

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

penetration testingvulnerability assessmentmanual exploitation techniquesAndroid testing methodologiesiOS testing methodologiesscripting (Python, PowerShell, Bash, Ruby, Go)threat modelingrisk assessmentsAPI securitybusiness logic flaws

Soft skills

communication skillsleadershipstakeholder managementmentoringprocess optimizationknowledge sharingreport writingteam collaborationproblem-solvingadaptability

Certifications

Bachelor’s degree in Engineering or SciencePCI-DSSHIPAANIST 800-53ISO 27001FedRAMP