Job Description

Application Penetration Tester

Location: Washington, DC, 20002 – Onsite

Salary Range: $120,000 – $170,000 per year

Employment Type: Full-Time

Sponsorship: U.S. work authorization required. Visa sponsorship is not available for this role.

Position Overview:

We are seeking a highly skilled and motivated Application Penetration Tester II to join our cybersecurity team in Washington, DC. In this role, you will be responsible for conducting technical assessments of web and mobile applications to identify vulnerabilities and validate security controls. You will utilize your expertise in application security and tools such as SAST, DAST, and SCA to support our organization's mission to protect against evolving threats.

The ideal candidate will have at least 3 years of experience in application penetration testing, a passion for security, strong communication skills, and the ability to operate in a fast-paced, collaborative environment.

Key Responsibilities:

• Conduct penetration testing and vulnerability assessments on web and mobile applications.
• Perform in-depth source code reviews and provide security consulting based on findings.
• Implement static and dynamic application security testing (SAST/DAST).
• Integrate security testing into CI/CD pipelines and monitor automated testing tools.
• Validate security controls across front-end applications and back-end services.
• Communicate vulnerabilities, risk assessments, and remediation strategies to stakeholders.
• Develop detailed, accurate technical reports and executive summaries.
• Design and execute assessments using adversarial tradecraft and threat intelligence.
• Innovate and contribute to knowledge sharing and tool development within the team.
• Propose and implement improvements to testing methodologies and internal processes.
• Support additional cybersecurity initiatives and operational projects as required.

Minimum Qualifications:

• 3+ years of hands-on application penetration testing experience
• (or 5+ years of application development experience with at least 2 years of security testing)
• Solid foundation in application, network, and system security concepts.
• Proficiency with both Windows and Unix/Linux systems.
• Strong programming/scripting ability in languages such as Python, Bash, Java, C/C++, C#, Ruby, or Perl.
• Familiarity with tools such as:
• Burp Suite Pro , OWASP ZAP, Acunetix, NetSparker
• DAST/SAST/SCA tools including Fortify, Checkmarx, Black Duck, Coverity, VeraCode, etc.
• Demonstrated experience communicating complex findings clearly to both technical and non-technical audiences.

Preferred Qualifications:

• Experience with mobile app security testing and reverse engineering (Android/iOS).
• Familiarity with Docker, Kubernetes, and container security practices.
• Cloud security experience across platforms like AWS, Azure, or Oracle Cloud.
• One or more relevant certifications:
• OSCP, GWAPT, GPEN, GXPN, GCIH, CRTE, CRTP, CEPT, GCPN, eWPT, CASE, GSSP-Java, GSSP-.NET , etc.
• Experience identifying and reporting vulnerabilities through bug bounty platforms or public CVEs.
• Knowledge of securing and testing modern APIs and web services.

Why Join Us?

• Be part of a forward-thinking cybersecurity team dedicated to continuous improvement.
• Collaborate with experts passionate about protecting organizations from evolving cyber threats.
• Access to ongoing professional development and cutting-edge security tools.
• Work in a supportive environment that encourages innovation and knowledge sharing.

If you are an experienced penetration tester who thrives on solving complex security challenges and wants to make a real impact— we’d love to hear from you.

Job Tags

Similar Jobs