OnDefend · 1 day ago
Application Penetration Tester
OnDefend is seeking an Application Penetration Tester to support application security assessments across a growing portfolio of client engagements. This role is responsible for conducting hands-on security testing of web, mobile, and API-based applications and validating the effectiveness of implemented security controls.
Consulting · Cyber Security · Information Technology · IT Infrastructure
Responsibilities
Application Security Testing & Assessment Execution
Conduct technical security testing of web and mobile applications, including:
Manual application penetration testing
Vulnerability validation and exploitation
Security control validation
Perform source code review to identify security weaknesses and logic flaws
Implement static and dynamic security testing techniques (SAST, DAST, SCA)
Validate security controls protecting applications and backend services
Leverage adversarial tradecraft and threat intelligence to design and execute assessments
Security Analysis & Findings Development
Identify, analyze, and validate vulnerabilities across application layers
Assess risk impact and likelihood to support accurate severity ratings
Develop clear and reproducible findings, including technical evidence and attack narratives
Provide remediation recommendations aligned with secure coding and architectural best practices
Reporting & Stakeholder Communication
Triage, document, and publish security findings in accordance with reporting standards
Communicate findings and recommendations to technical and non-technical stakeholders
Support development of executive summaries, technical narratives, and presentations
Collaborate with TPMs to support assessment timelines and delivery milestones
Tooling, Automation & Tradecraft Development
Utilize industry-standard testing tools such as Burp Suite Pro and related extensions
Leverage automated testing and monitoring solutions within CI/CD pipelines
Develop or modify custom tooling, scripts, or processes to improve assessment effectiveness
Propose new assessment approaches based on prior findings and evolving threat landscapes
Research, Innovation & Program Support
Perform security research to stay current on emerging vulnerabilities and attack techniques
Contribute to knowledge sharing and innovation within the testing team
Support additional program initiatives or operational tasks as assigned
Qualification
Required
3+ years of experience performing application penetration testing or equivalent experience
Equivalent experience may include extensive application development with security testing exposure
Strong background in application, network, and system security
Experience testing web and mobile applications and their backend services
Experience working with Windows and *nix-based systems
Understanding of application deployment architecture including containers, container orchestration, and cloud functions
Ability to read, write, and understand code in multiple programming languages, including: Python, Java, JavaScript, Golang, C/C++, C#, Bash, Ruby, or similar
Hands-on experience with application security testing tools, including Burp Suite Pro
Familiarity with SAST, DAST, and SCA tools such as Burp Suite, ZAP, Postman, Coverity, Black Duck, Checkmarx, Semgrep, and others
Preferred
Experience conducting mobile application security testing (iOS and Android)
Experience with API security testing and authorization logic validation
Experience with Docker and Kubernetes security testing
Familiarity with cloud security testing (AWS, Azure, Oracle)
Experience reverse engineering mobile applications, including obfuscation or anti-emulator protections
One or more industry certifications such as: OSCP, GWAPT, GPEN, GXPN, eWPT, CASE, GSSP-Java/.NET, or similar
Active contributions to the security community (research, CVEs, blogs, open-source, conferences)
Company
OnDefend
OnDefend prevents corporate cyber attacks before they happen by strengthening our clients' IT security posture.
Funding
Current Stage
Growth Stage