Senior Application Security Penetration Tester--Locals

Hi All,

Hope you are doing well!

Job Title--Senior Application Security Penetration Tester

Location-- Rockville, Maryland

NOTE--Its not a regular testing position.

Job Description

Position Overview:

The Senior Application Security Penetration Tester is responsible for assessing and improving the security posture of web, mobile, and cloud-based applications. This role involves conducting security assessments, penetration tests, code reviews, and collaborating with development and security teams to identify and remediate vulnerabilities.

Key Responsibilities:

• Perform advanced penetration testing on web, mobile, and cloud applications to identify security vulnerabilities.
• Conduct static and dynamic application security testing (SAST/DAST).
• Perform source code reviews to identify security flaws in applications.
• Develop and execute threat models to assess application risks.
• Collaborate with development teams to provide security guidance and recommend fixes.
• Research emerging threats, vulnerabilities, and attack techniques.
• Develop security tools, scripts, and automation for penetration testing.
• Document and communicate findings with technical and non-technical stakeholders.
• Assist in the development and implementation of secure coding best practices.
• Provide security training and mentorship to developers and junior security engineers.
• Participate in red team/blue team exercises as needed.

Required Skills and Qualifications:

• 10+ years of experience in application security, penetration testing, or ethical hacking.
• Expertise in web and mobile application security testing methodologies (OWASP Top 10, SANS Top 25).
• Strong knowledge of application security vulnerabilities, exploit techniques, and remediation strategies.
• Proficiency in tools such as Burp Suite, Metasploit, Nessus, Kali Linux, and similar security tools.
• Experience with secure coding practices and code review in languages like Java, Python, JavaScript, C#, or Go.
• Understanding of authentication, authorization, and cryptographic security concepts.
• Hands-on experience with cloud security testing (AWS, Azure, Google Cloud Platform).
• Strong scripting and automation skills (Python, Bash, PowerShell).
• Certifications such as OSCP, OSWE, CISSP, CEH, GWAPT, or similar are a plus.
• Excellent communication skills, including technical report writing and stakeholder engagement.

Preferred Qualifications:

• Experience with DevSecOps and integrating security into CI/CD pipelines.
• Familiarity with container security (Docker, Kubernetes).
• Experience with API security testing (GraphQL, REST, SOAP).
• Red teaming experience or knowledge of advanced attack techniques.

Thanks & Regards

RM CHANDRA SEKHAR