Cybersecurity Penetration Testing Engineer - Web App, Mobile App & API Security
Location-Charlotte, NC | Dallas / Irving, TX | Chandler, AZ
Job Summary-
The Penetration Testing Engineer will be responsible for conducting in-depth web application, mobile application, and API security testing across business-critical platforms.
The role requires hands-on expertise in Burp Suite, deep understanding of offensive security methodologies, and the ability to identify, exploit, and document security vulnerabilities.
The engineer will work closely with development, DevSecOps, and risk teams to ensure secure SDLC practices and support remediation of discovered vulnerabilities.
Years of experience needed-5-8 years of total experience in application or API penetration testing, with at least 3+ years in hands-on offensive testing.
Key Responsibilities :
1. Penetration Testing & Vulnerability Assessment
Perform manual and automated penetration testing on web, mobile, and API endpoints.
Use Burp Suite Professional extensively for intercepting, modifying, and exploiting HTTP/S traffic.
Conduct source code-assisted testing when applicable to identify deeper logic flaws.
Simulate real-world attack scenarios using the OWASP Top 10, SANS 25, and API Security Top 10 frameworks.
2. API Security Testing
Perform REST and GraphQL API penetration testing, including JWT, OAuth, and token manipulation.
Use tools such as Postman, Burp Suite, and OWASP ZAP for fuzzing, interception, and payload injection.
Validate API schema misconfigurations, rate limiting, and data exposure issues.
3. Offensive Security & Exploitation
Execute custom payloads and exploits to demonstrate risk severity to stakeholders.
Develop proof-of-concept (PoC) exploits to validate identified vulnerabilities.
Emulate attacker tactics, techniques, and procedures (TTPs) from MITRE ATT&CK and CWE references.
Perform targeted assessments on authentication bypass, privilege escalation, and input deserialization.
4. Reporting & Remediation Support
Present reports to technical and management stakeholders in clear, risk-prioritized language.
5. Security Process & Continuous Improvement
Contribute to secure coding guidelines and training sessions for developers.
Evaluate emerging attack trends, new CVEs, and offensive security tools to keep the testing framework current.
Assist in developing internal scripts, extensions, or automation workflows for testing efficiency.
Technical Skills
Core Tools & Techniques
Burp Suite Professional-expert-level usage (Intruder, Repeater, Decoder, Extender).
Familiarity with OWASP ZAP, Nmap, Metasploit, SQLmap, DirBuster, Hydra, and ffuf.
Deep understanding of OWASP Top 10 (Web & API) and CWE Top 25 vulnerabilities.
Strong ability to identify and exploit logic-based and authentication-related flaws.
Programming & Scripting
Proficiency in at least one scripting language : Python, JavaScript, or Bash.
Offensive Security
Practical experience in vulnerability exploitation, reverse engineering, or red team engagements.
Familiarity with exploit development frameworks and C2 tools (Cobalt Strike, Empire) is a plus.
HR
Xlysi LLC, Expert Portal Solutions
251 Milwaukee Ave, Buffalo Grove, IL 60089
Web :
E-mail : hr@xlysi.com
Our training portal registration :
Onsite • Dallas, TX, United States