Senior Pen Testing Engineer

Job Responsibilities

• White Box Web Application Penetration Testing: Perform in-depth assessments of web applications using source code, architecture diagrams, and other internal documentation to identify vulnerabilities and security gaps.
• API Penetration Testing: Evaluate RESTful APIs for security flaws, including authorization, authentication, data exposure, business logic vulnerabilities, and protocol-specific threats.
• Threat Modeling & Risk Assessment: Analyze application designs and threat models to discover potential weaknesses before testing begins.
• Vulnerability Identification.
• Reporting & Communication: Clearly document findings, evidence, and remediation steps; present results to technical and non-technical stakeholders.
• Collaboration: Work hand-in-hand with development, DevOps, and infrastructure teams to design secure applications and validate remediation efforts.
• Security Best Practices: Stay up-to-date on the latest security trends, vulnerabilities, and exploitation techniques relevant to web and API environments.

Job Qualifications

• 3+ years in penetration testing, with a focus on mobile, web applications, and APIs.
• Hands-on experience with white box testing methodologies.
• Strong understanding of web application architectures, authentication, and authorization mechanisms.
• Familiarity with JavaScript, Python, Java, or other modern programming languages.
• Experience reading and analyzing source code to identify security issues.
• Proficiency with common penetration testing tools, Knowledge of secure coding standards and practices.
• Excellent problem-solving and analytical skills.
• Effective written and verbal communication.
• Strong attention to detail and ability to work both independently and as part of a team.