Location: Remote
Engagement Type: Contract
We are seeking an experienced Mobile & Application Penetration Tester to perform advanced manual security testing across APIs, web applications, mobile platforms, and thick client applications. This role requires strong hands-on exploitation skills, independent engagement ownership, and the ability to communicate findings clearly to both technical and non-technical stakeholders.
Perform manual penetration testing against:
  - REST and SOAP APIs
  - Web applications
  - Mobile applications (iOS/Android)
  - Thick client applications
Conduct threat modeling and business logic analysis
Perform application architecture security reviews
Execute objective-based and abstract penetration testing engagements
Develop and exploit Proof-of-Concept (POC) vulnerabilities
Demonstrate testing techniques in real time when required
Document findings and provide clear remediation guidance
Lead remediation discussions with development and security teams
Operate independently with minimal supervision
Minimum 5 years of recent experience in:
  - API penetration testing
  - Web application security testing
  - Mobile application penetration testing
Hands-on experience with:
  - Burp Suite Pro
  - Netsparker or similar application security testing tools
Strong ability to present technical findings to both technical and business stakeholders
Bachelor’s degree in a related field or equivalent professional experience
GWAPT
CREST
OSWE
OSWA
Manual exploitation and vulnerability validation
API and mobile security assessment
Business logic vulnerability analysis
Technical reporting and client communication
Independent engagement management