Application Penetration Tester jobs in United States

Crux Security · 5 months ago

Application Penetration Tester

Crux Security is seeking an experienced Senior Application Penetration Tester to conduct in-depth security assessments of web, mobile, and cloud-based applications. The role involves identifying vulnerabilities, simulating real-world attacks, and providing actionable remediation guidance to improve security posture.

Cyber Security, Network Hardware, Security

Responsibilities

Conduct manual and automated penetration tests on web, mobile, and API-based applications
Identify, exploit, and document vulnerabilities following OWASP, MITRE ATT&CK, and industry best practices
Utilize common security tools (Burp Suite, Metasploit, Kali Linux, ZAP, etc.) and custom scripts to assess application security
Perform source code reviews and security assessments of application architectures
Simulate real-world attack scenarios and assess business risks
Provide detailed reports with clear remediation guidance for development and security teams
Collaborate with developers, DevOps, and security engineers to integrate security into the SDLC
Stay up to date on emerging threats, zero-day vulnerabilities, and security trends

Qualifications

Application penetration testing, OWASP Top 10, Burp Suite, Cloud security, Software development, Mobile application testing, Python scripting, Report writing, Executive advisory skills, DevSecOps practices, Presentation skills

Required

8+ years of hands-on experience in application penetration testing and security assessments
Deep background in software development
Expert knowledge of OWASP Top 10, SANS 25, CWE, and NIST frameworks
Proficiency with tools like Burp Suite, Metasploit, Nmap, Kali Linux, ZAP, SQLmap, etc.
Strong understanding of web technologies (HTTP, REST APIs, GraphQL, WebSockets, etc.)
Experience testing mobile applications (iOS & Android), including reverse engineering and dynamic analysis
Familiarity with cloud security (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes)
Ability to write and understand exploits, scripts, and automation tools in Python, Bash, or PowerShell
Exceptional English (native), presentation, report writing, and executive advisory skills

Preferred

Relevant certifications such as OSCP, OSWE, GWAPT, GPEN, or CISSP
Experience in red teaming, threat modeling, and adversary simulation
Familiarity with CI/CD security tools and DevSecOps practices
Background in secure coding and software development

Benefits

Fully remote with flexible working hours.
Competitive salary and bonus incentives.
Continuous training and certification reimbursement.
Work on diverse projects across multiple industries.
Collaborative and innovative security team culture.

Company

Crux Security

Crux Security provides tools for developing and managing security programs for growing companies.

Funding

Current Stage
Early Stage
Company data provided by Crunchbase