Penetration Tester jobs in United States
cer-icon
Apply on Employer Site
company-logo

Jobs via Dice ยท 13 hours ago

Penetration Tester

positionDenver, CO
timeFull-time
remoteOnsite
seniorityMid Level

Dice is the leading career destination for tech experts at every stage of their careers, and they are seeking an experienced Penetration Tester to conduct comprehensive security assessments of enterprise web applications. This role focuses on identifying exploitable vulnerabilities and delivering actionable remediation guidance within a regulated financial services environment.

Computer Software
check
H1B Sponsorednote

Responsibilities

Perform scoped penetration testing on designated web applications and supporting components
Identify, validate, and exploit vulnerabilities across:
Authentication and authorization mechanisms
Input validation and data handling
Session management
API endpoints and third-party integrations
Business logic and workflow flaws
Assess applications against OWASP Top 10 and other applicable security standards and best practices
Conduct manual penetration testing, supplemented by automated tooling where appropriate
Analyze and prioritize findings based on impact, exploitability, and likelihood, aligned with Western Union risk rating methodologies
Collaborate with application, security, and engineering teams to clarify findings and remediation approaches
Produce comprehensive penetration testing reports that include:
Executive-level summary of risk and exposure
Detailed technical findings with clear reproduction steps
Proof-of-concept exploits or attack paths
Practical, prioritized remediation recommendations
Communicate results effectively to both technical and non-technical audiences

Qualification

Web application penetration testingOWASP Top 10Burp SuiteSQL InjectionSecurity reporting

Required

Proven experience conducting web application penetration testing in enterprise or regulated environments
Strong working knowledge of OWASP Top 10
Strong working knowledge of common web vulnerabilities (SQL Injection, XSS, CSRF, authentication flaws, etc.)
Strong working knowledge of business logic vulnerabilities, particularly within financial services applications
Familiarity with secure coding practices and modern web frameworks
Proficiency with industry-standard penetration testing tools, including Burp Suite, OWASP ZAP, and similar web application security testing tools
Demonstrated ability to produce clear, actionable security reports tailored to diverse audiences

Company

Jobs via Dice

twitter
company-logo
Welcome to Jobs via Dice, the go-to destination for discovering the tech jobs you want.
people-size0-1 employees
web-link
https://www.dice.com

Funding

Current Stage
Early Stage
Company data provided by crunchbase