Manual Application Penetration Tester (Web & API)

🌍 Remote, USA 🎯 Full-time 🕐 Posted Recently

Job Description

Job Title: Manual Application Penetration Tester (Web & API)

Contract Type: Contract

Role Overview

We are seeking experienced Manual Application Penetration Testers to perform in-depth security testing of web applications, APIs, and mobile applications. This role requires hands-on, offensive security expertise with a strong focus on manual exploitation, business logic testing, and real-world attack simulation.

The ideal candidate can independently execute penetration testing engagements, clearly articulate findings to both technical and non-technical audiences, and guide remediation efforts.

Key Responsibilities

  • Perform manual application penetration testing of:
      • Web applications
      • REST & SOAP APIs
      • Mobile applications (iOS/Android – nice to have)
      • Thick client applications (where applicable)
  • Conduct business logic testing, threat modeling, and application architecture reviews
  • Identify and exploit vulnerabilities including (but not limited to):
      • IDOR / BOLA
      • Authentication & authorization flaws
      • Session management issues
      • Injection flaws (SQLi, XSS, XXE, etc.)
      • Logic flaws missed by automated scanners
  • Perform objective-based and abstract penetration testing engagements
  • Develop and demonstrate proof-of-concept (PoC) exploits
  • Use Burp Suite Pro extensively for manual testing (Repeater, Intruder, Decoder, etc.)
  • Present findings via live demos, written reports, and client readouts
  • Clearly communicate risks, impact, and remediation guidance
  • Work independently with minimal oversight while meeting delivery timelines

Required Qualifications

  • 5+ years of recent experience in manual application penetration testing
  • Strong experience testing:
      • Web applications
      • APIs (REST / SOAP)
  • Hands-on expertise with Burp Suite Pro
  • Proven ability to perform manual exploitation (not scanner-only testing)
  • Experience communicating results to both technical and non-technical stakeholders
  • Ability to lead remediation discussions and retesting efforts
  • Bachelor's degree in Computer Science, Engineering, or equivalent industry experience

Preferred Qualifications

  • Mobile application penetration testing (iOS / Android)
  • Experience with tools such as:
      • Netsparker
      • OWASP ZAP
      • Postman / SoapUI
  • Experience with OAuth, JWT, and modern authentication mechanisms
  • Ethical hacking certifications (preferred, not required):
      • GWAPT
      • OSWE
      • OSWA
      • CREST

Nice-to-Have Experience

  • Threat modeling frameworks (STRIDE, PASTA, etc.)
  • Secure SDLC / DevSecOps exposure
  • Client-facing consulting or enterprise security engagements
