Sr. Web Application Penetration Tester - Cybersecurity

Remote Full-time
Position: Sr. Web Application Penetration Tester - Cybersecurity
Location: Remote
Hiring Mode: 12 Months Contract

Job Description:
The Senior Web Application Penetration Tester is responsible for identifying security vulnerabilities in internally developed and third-party web applications used across the Utility. This role focuses exclusively on application-layer security testing, helping ensure that customer-facing and internal web applications are resilient against real-world threats. The position works closely with application development, cloud, and security teams to reduce risk and improve secure development practices.

Key Responsibilities:

Web Application & API Penetration Testing
• Conduct manual and automated penetration testing of web applications and RESTful APIs
• Identify and exploit common and advanced web vulnerabilities (e.g., OWASP Top 10, business logic flaws)
• Test authentication, authorization, session management, and access controls
• Perform API security testing including authorization bypass, mass assignment, and input validation flaws
• Assess application security across development, test, and production environments (as authorized)

Secure SDLC & Collaboration
• Partner with application development and DevSecOps teams to integrate security testing into the SDLC
• Provide guidance on secure coding practices and vulnerability remediation
• Support threat modeling and design reviews for new or enhanced applications

Reporting & Risk Communication
• Produce detailed penetration test reports with clear reproduction steps and remediation recommendations
• Communicate risk in business-appropriate language for technical and non-technical stakeholders
• Validate remediation through follow-up testing and re-assessments

Tools & Techniques
• Use industry-standard tools such as Burp Suite, OWASP ZAP, Postman, and custom scripts
• Leverage manual testing techniques to identify business logic and workflow vulnerabilities
• Stay current on emerging web application attack techniques and defenses

Required Qualifications
• 6+ years of cybersecurity experience with a strong focus on web application penetration testing
• Demonstrated experience testing modern web applications and APIs
• Strong understanding of HTTP/S, REST, JSON, authentication mechanisms, and web architectures
• Proficiency with tools such as Burp Suite Pro and API testing tools
• Working knowledge of at least one scripting or programming language (e.g., Python, JavaScript, or PowerShell)
• Strong written and verbal communication skills

Preferred Qualifications
• Experience testing customer-facing applications in regulated environments
• Familiarity with cloud-hosted applications and CI/CD pipelines
• Knowledge of OWASP ASVS, SAMM, or similar application security standards
• Certifications such as OSCP, GWAPT, OSWE, or similar