Penetration Testing Engineer – Web & API (Contract)

Remote Full-time
Type: Contract / Short-term Project
Location: Remote
Level: Senior

Overview

SKYTEK Solutions is seeking an experienced penetration testing engineer to perform a focused security assessment of a modern web application environment. This engagement includes unauthenticated and authenticated testing, MFA-protected workflows, and delivery of a clear, executive-ready penetration testing report. This role is suited for a seasoned tester who can operate independently and produce high-quality, actionable findings.

Scope of Work

- Web application penetration testing (non-production environment)
- Unauthenticated + authenticated user flow testing
- Authorization, session management, and access-control validation
- OWASP Top 10 vulnerability assessment
- Testing in WAF-protected environments
- Coordination with internal security teams as required

Environment & Security Context

- Low-privilege test user access provided
- MFA-enabled authentication flows
- Azure-based infrastructure and WAF controls
- No IP allowlisting required; security notification required

Deliverables

- Executive summary (risk-focused)
- Detailed findings with CVSS scoring
- Clear remediation guidance
- Evidence and reproduction steps
- Retest / validation (if requested)

Requirements

- 5+ years of hands-on penetration testing experience
- Strong web application & API security expertise
- Experience testing authenticated & MFA-protected apps
- Familiarity with WAF/CDN-protected environments
- Ability to deliver professional, well-structured reports
- Excellent communication and discretion

Nice to Have

- Mobile backend or hybrid app testing experience
- OAuth / SSO / CIAM familiarity
- OSCP, OSWE, GWAPT, or similar certifications