Penetration Testing Engineer - Application Security jobs in United States

Evolve Security · 12 hours ago

Penetration Testing Engineer - Application Security

Evolve Security is a next generation cybersecurity services firm headquartered in Chicago, IL, dedicated to improving clients' security postures. The Penetration Testing Engineer - Application Security is responsible for independently executing penetration tests, contributing to methodology improvements, and acting as a point of contact for clients during engagements.

Computer, Education, Information Technology, Network Security, Security, Training
H1B Sponsor Likely

Responsibilities

Conduct full assessments with minimal supervision
Contribute to methodology improvements
Act as a point of contact for clients during engagements
Scope and plan a test in their domain
Execute tests and produce detailed reports with practical remediation advice
Lead technical execution for assigned projects

Qualification

Web Application Security, Penetration Testing, Burp Suite, Scripting Python, Scripting Bash, OWASP WSTG, Metasploit, Network Scanners, Manual Testing Techniques, Client-Facing Abilities, Project Coordination, Consulting Skills, Curiosity, Communication Skills, Technical Reporting, Time Management

Required

3-5 years of penetration testing experience, during which they have performed numerous assessments
Mastery in at least one penetration testing domain
Strong practical skills and tool usage
Comfortable with a variety of pen testing tools and techniques
Understanding manual testing techniques
Solid communication and consulting skills
Ability to write thorough technical reports that require only light review
Responsive and growing in client-facing abilities
Improved time management and project coordination skills
3+ years of hands-on experience in web application penetration testing
Strong understanding of the OWASP WSTG methodology
Ability to apply structured testing techniques to assess authentication, session management, access control, input validation, error handling, and business logic
Use tools like Burp Suite Pro, OWASP ZAP, Postman, and custom scripts to execute and document each step of the WSTG
Demonstrate proficiency in manual testing and exploit development
Understand and test authentication mechanisms, including OAuth, SAML, MFA implementations, and JWT
Perform access control testing across roles and privilege boundaries
Validate input validation and output encoding to uncover XSS, command injection, and template injection flaws
Assess session management implementations for issues like weak session ID entropy, insecure cookie flags, or token replay
Execute client-side testing using browser dev tools and proxy-based inspection
Understand API-specific attack surfaces, including REST and GraphQL
Be comfortable with code-assisted testing (grey-box) when source is available
Leverage scripting skills (Python, Bash, or JavaScript) to automate recon, fuzzing, or proof-of-concept exploit delivery
Test across various environments (cloud-hosted, containerized, monolithic)
Maintain a deep curiosity and adherence to a methodical process
Communicate findings clearly, with a strong emphasis on business impact, reproducibility, and strategic remediation

Preferred

Certifications such as OSCP, GWAPT (Web Application Testing), GPEN (Network Penetration), OSWE (Web Exploit Developer)

Benefits

Competitive compensation
Healthcare
401(k) match
Flexible paid time off
Hybrid/remote work
Annual vacation reimbursement
Parental leave

Company

Evolve Security

Evolve Security is a technical cybersecurity services firm dedicated to improving your security posture where you are most vulnerable.

H1B Sponsorship

Evolve Security has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships: 2022 (1), 2021 (1)

Funding

Current Stage: Growth Stage
Total Funding: unknown
2025-03-11: Undisclosed

Leadership Team

Andrew Hamilton, Co-founder, COO
Sam Harris, Chief Technology Officer
Company data provided by crunchbase