PEN Tester || On-site || Multiple locations across US ||

Cybersecurity Penetration Testing Engineer - Web App Mobile App & API Security

Location-Charlotte NC Dallas / Irving TX Chandler AZ

Job Summary-

The Penetration Testing Engineer will be responsible for conducting in-depth web application mobile application and API security testing across business-critical platforms.

The role requires hands-on expertise in Burp Suite deep understanding of offensive security methodologies and the ability to identify exploit and document security vulnerabilities.

The engineer will work closely with development DevSecOps and risk teams to ensure secure SDLC practices and support remediation of discovered vulnerabilities.

Years of experience needed-5-8 years of total experience in application or API penetration testing with at least 3 years in hands-on offensive test

Key Responsibilities :

1. Penetration Testing & Vulnerability Assessment

Perform manual and automated penetration testing on web mobile and API endpoints.

Use Burp Suite Professional extensively for intercepting modifying and exploiting HTTP / S traffic. Conduct source code-assisted testing when applicable to identify deeper logic flaws.

Simulate real-world attack scenarios using OWASP Top 10 SANS 25 and API Security Top 10 framewnes

2. API Security Testing

Perform REST and GraphQL API penetration testing including JWT OAuth and token manipulation. Validate business logic vulnerabilities and parameter tampering across microservices.

Use tools such as Postman Burp Suite and OWASP ZAP for fuzzing interception and payload injection Validate API schema misconfigurations rate limiting and data exposure issues.

3. Offensive Security & Exploitation

Execute custom payloads and exploits to demonstrate risk severity to stakeholders.

Develop proof-of-concept (PoC) exploits to validate identified vulnerabilities

Emulate attacker tactics techniques and procedures (TTPs) from MITRE ATT&CK and CWE references. Perform targeted assessments on authentication bypass privilege escalation and input deserialization.

4. Reporting & Remediation Support

Document detailed findings reproduction steps impact analysis and mitigation recommendations.

Collaborate with developers and DevSecOps teams to ensure timely patching and secure code fixes Participate in vulnerability triage and retesting post-remediation.

Present reports to technical and management stakeholders in clear risk-prioritized language.

5. Security Process & Continuous Improvement

• .Integrate testing results into CI / CD pipelines where possible (DevOps enablement).

Contribute to secure coding guidelines and training sessions for developers.

Evaluate emerging attack trends new CVES and offensive security tools to keep the testing framework current.

Assist in developing internal scripts extensions or automation workflows for testing efficiency.

Technical Skills

Core Tools & Techniques

Burp Suite Professional-expert-level usage (Intruder Repeater Decoder Extender). Familiarity with OWASP ZAP Nmap Metasploit SQLmap DirBuster Hydra and Ffuf Deep understanding of OWASP Top 10 (Web & API) and CWE Top 25 vulnerabilities Strong ability to identify and exploit logic-based and authentication-related flaws.

Programming & Scripting

Proficiency in at least one scripting language : Python JavaScript or Bash.

Experience writing small custom scripts or Burp extensions for advanced payloads.

Understanding HTTP / HTTPS REST GraphQL JSON and XML protocols.

Offensive Security

Practical experience in vulnerability exploitation reverse engineering or red team engagements Familiarity with exploit development frameworks Ca tools (Cobalt Strike Empire) is a plus.

HR

Xlysi LLC Expert Portal Solutions

251 Milwaukee Ave Buffalo grove IL 60089

Web : E-mail :

Our training portal registration :

Key Skills

Asset,Front Desk,Banking & Finance,Jboss,Accident Investigation,Chemistry

Employment Type : Full Time

Experience : years

Vacancy : 1