Company hidden
2 hours ago

Application Penetration Tester

Work format
hybrid
Employment type
fulltime
Grade
middle
English
b2
Country
US
Job from Hirify Global, a list of international tech companies

Job description

TL;DR

Application Penetration Tester: Conducting manual and automated security assessments of web applications and APIs with an emphasis on identifying complex vulnerabilities and business-logic flaws. Focus on demonstrating security impact through chained attack paths and collaborating with development teams to drive effective remediation.

Location: Must be based in or able to commute to Charlotte, NC; Dallas, TX; Minneapolis, MN; Chandler, AZ; Des Moines, IA; Columbus, OH; Raleigh, NC; San Antonio, TX; or Washington, DC (Hybrid)

Company

hirify.global is a professional services firm providing staffing and consulting solutions across various industries.

What you will do

  • Perform manual penetration testing on web applications, APIs, and mobile platforms.
  • Validate and demonstrate security vulnerabilities, including chained attack paths.
  • Configure and tune automated DAST tools to improve coverage and discovery.
  • Produce clear, reproducible technical reports with actionable remediation guidance.
  • Collaborate with development and security teams to support defect prioritization and resolution.
  • Communicate security risks effectively to both technical and non-technical stakeholders.

Requirements

  • 2+ years of hands-on application penetration testing experience with a focus on manual testing.
  • 2+ years of DAST experience, including tool configuration and manual verification.
  • 2+ years of general cybersecurity experience.
  • Strong knowledge of OWASP Top 10 and common application security vulnerabilities.
  • Excellent written and verbal communication skills for reporting and stakeholder management.
  • Must be able to work a consistent hybrid schedule in one of the specified US locations.

Nice to have

  • Experience with mobile, mainframe, or thick client applications.
  • Proficiency with Burp Suite, Invicti, WebInspect, or Fiddler.
  • Scripting and automation skills (Python, Shell).
  • Understanding of security risks in AI/ML-enabled applications.
  • Relevant certifications such as OSCP, BSCP, GWAPT, GPEN, or GXPN.

Culture & Benefits

  • Consistent Monday–Friday work schedule with flexibility.
  • Collaborative team environment with peer review processes.
  • Focus on continuous improvement of security methodologies.
  • Opportunity to work on diverse application technologies.
