Web Application Penetration Tester

Black Hills Information Security

4h ago

$120k - $150k, Remote (US)

Job Description

**About the Role:** We're looking for an **experienced Webapp Penetration Tester** to perform penetration tests against modern web applications and web APIs, as well as security assessments of all kinds. The ideal candidate combines a strong foundation in information technology or software development with hands-on experience identifying, exploiting, and communicating web-specific security risks.

**What You'll Do**

* Perform penetration tests against live web applications and web APIs, with and without source code
* Follow a repeatable process that ensures thorough discovery, coverage, and documentation of the attack surface
* Recognize in HTTP traffic the presence and use of web application frameworks, technologies, and third-party services on both the client side and the server side
* Identify and exploit coding errors, misconfigurations, business logic flaws, privilege separation gaps, account recovery flaws, and weaknesses in infrastructure software and third-party components and services
* Perform attack path analysis and vulnerability chaining to illustrate the true, realistic impact of findings
* Conduct traditional penetration testing in two or more other areas: mobile applications, external/internal network testing, cloud platforms and services, social engineering, C2 and post-exploitation activities
* Write clear, accurate, and actionable reports with technical details, risk ratings, evidence, and remediation guidance, without relying on AI writing tools
* Present findings to technical teams and executive stakeholders
* Stay current with emerging attack techniques, offensive tooling, and the evolution of common webapp components, frameworks, and infrastructure software

**Required Qualifications**

* 5 years of hands-on experience performing application-level penetration tests, red team assessments, or offensive security testing
* Strong understanding of penetration testing methodologies: reconnaissance, enumeration, exploitation, privilege escalation, lateral movement, persistence, and reporting
* Familiarity with the OWASP Top Ten (for web, for API, for mobile) and the ability to explain the causes of and solutions for each item
* Understanding of application- and browser-level security concepts: authentication and authorization, privilege separation, CORS, data encoding schemes, WebSockets, HTTP, DOM storage, Same Origin Policy, JWTs, etc.
* Ability to explain the security implications and common errors in those areas that contribute to risk
* Familiarity with offensive tools: Burp Suite, Caido, Nmap, browser-based developer tools, Nuclei, AI-augmented research and analysis
* Experience with JavaScript and another scripting language (Python, Rust, Bash, etc.)
* Strong written and verbal communication skills without reliance on AI-generated language
* Ability to work independently and manage assessment timelines

**Preferred Qualifications**

* Experience developing or QA testing web applications, web APIs, or mobile applications
* Experienc