Application Penetration Tester - Hybrid
Genesis10 is currently seeking an Application Penetration Tester - Hybrid position with a Global Financial Institution located in Charlotte, NC, Dallas, TX, Minneapolis, MN, Chandler, AZ, Des Moines, IA, Columbus, OH, Raleigh, NC, San Antonio, TX, or Washington, DC. This is a 12+ month contract opportunity.
In this role, you will identify, validate, and exploit security vulnerabilities through hands-on, manual testing across a broad range of application technologies. The focus will be on browser-based/web and API testing, with additional experience in mobile, mainframe, or thick client testing being valuable. The successful candidate will deliver high-confidence, reproducible vulnerabilities with clear evidence and practical remediation guidance, and partner with application teams to drive timely fixes.
Responsibilities:
Conduct application penetration testing across browser-based/web applications, APIs, and mobile applications (and where applicable mainframe and thick client applications) using primarily manual techniques supplemented by automated tools
Include authentication/authorization testing and business-logic abuse cases where applicable
Configure and tune automated tools to support testing, improve coverage, and accelerate discovery (as a complement to manual testing)
Perform deep defect analysis by reproducing, validating, and safely demonstrating impact (including chained attack paths when applicable)
Triage and disposition false positives from automated tooling
Produce clear, reproducible technical reports with evidence (steps to reproduce, impacted components/endpoints, and risk/impact) and practical remediation guidance
Collaborate with application and security teams to ensure shared understanding of defects, prioritization, and remediation paths
Support continuous improvement of testing methodologies and processes leveraging industry standards and best practices
Collaborate with other members of the team to share knowledge and complete peer reviews of reports
Communicate findings and risk clearly to technical and non-technical stakeholders
Requirements:
4 years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work or consulting experience, training, military experience, education
2 years of hands-on application penetration testing experience (manual testing required), beyond reviewing/validating automated scanner results
2 years of Dynamic Application Security Testing (DAST) experience, including tool configuration/tuning and manual verification of findings
Desired skills:
Advanced experience with testing tools such as Burp Suite, Invicti, WebInspect, and Fiddler
Strong knowledge of application security and common vulnerabilities (OWASP Top 10)
Experience with scripting and automation (e.g., Python, Shell)
Knowledge of security best practices and compliance standards (e.g., PCI DSS, GDPR)
Excellent communication skills and the ability to collaborate effectively with cross-functional teams
Strong problem-solving and analytical skills
Demonstrated knowledge of AI/ML-enabled applications and common security risks (for example, prompt injection, sensitive data exposure, and insecure integrations)
Security certifications such as OSCP, BSCP, GWAPT, GPEN, GXPN or equivalent are a plus
Pay range: $51.72 - $59.72 per hour
Only candidates available and ready to work directly as Genesis10 employees will be considered for this position.
If you have the described qualifications and are interested in this exciting opportunity, please apply!