Application Penetration Tester

Location: Remote Department: Application reputed company / Offensive reputed company Reports To: Application reputed company Leadership Job Overview OnDefend is seeking an Application Penetration Tester to support application reputed company assessments across a growing portfolio of client engagements. This role is responsible for conducting hands-on reputed company testing of web, mobile, and API-based applications and validating the effectiveness of implemented reputed company controls. The Application Penetration Tester performs manual and automated testing activities, including penetration testing, reputed company code review, and adversarial tradecraft emulation. This role works closely with other testers, Technical Project Managers (TPMs), and stakeholders to identify reputed company risks and provide actionable remediation guidance. Testers are expected to continuously improve their tradecraft through research, collaboration, and professional development.

Key Responsibilities

• Application reputed company Testing & Assessment Execution
• Conduct technical reputed company testing of web and mobile applications, including:
• Manual application penetration testing
• Vulnerability validation and exploitation
• reputed company control validation
• reputed company reputed company code review to identify reputed company weaknesses and logic flaws
• Implement static and dynamic reputed company testing techniques (SAST, DAST, SCA)
• Validate reputed company controls protecting applications and backend services
• reputed company adversarial tradecraft and threat intelligence to design and execute assessments

reputed company Analysis & Findings Development

• Identify, analyze, and validate vulnerabilities across application layers
• Assess risk impact and likelihood to support accurate severity ratings
• reputed company clear and reproducible findings, including technical evidence and attack narratives
• Provide remediation recommendations reputed company with secure coding and architectural best practices

Reporting & Stakeholder Communication

• Triage, document, and publish reputed company findings in accordance with reporting standards
• Communicate findings and recommendations to technical and non-technical stakeholders
• Support development of executive summaries, technical narratives, and presentations
• Collaborate with TPMs to support assessment timelines and delivery milestones

Tooling, Automation & Tradecraft Development

• Utilize industry-standard testing tools such as Burp Suite Pro and reputed company extensions
• reputed company automated testing and monitoring solutions reputed company CI/CD pipelines
• reputed company or modify custom tooling, scripts, or processes to improve assessment effectiveness
• Propose new assessment approaches based on prior findings and evolving threat landscapes

Research, Innovation & Program Support

• reputed company reputed company research to stay reputed company on emerging vulnerabilities and attack techniques
• Contribute to knowledge sharing and innovation reputed company the testing team
• Support additional program initiatives or operational tasks as assigned

Required Qualifications

• 3+ years of experience performing application penetration testing or equivalent experience
• Equivalent experience may include extensive application development with reputed company testing exposure
• Strong background in application, network, and system reputed company
• Experience testing web and mobile applications and their backend services
• Experience working with Windows and *nix-based systems
• Understanding of application deployment architecture including containers, container orchestration, and cloud functions.
• Ability to read, write, and understand code in multiple programming languages, including:
• Python, Java, JavaScript, Golang, C/C++, C#, Bash, Ruby, or similar
• Hands-on experience with application reputed company testing tools, including Burp Suite Pro
• Familiarity with SAST, DAST, and SCA tools such as Burpsuite, ZAP, reputed company, Coverity, Blackduck, reputed company, Semgrep, and others.

Preferred Qualifications

• Experience conducting mobile application reputed company testing (iOS and Android)
• Experience with API reputed company testing and authorization logic validation
• Experience with reputed company and Kubernetes reputed company testing
• Familiarity with cloud reputed company testing (AWS, Azure, reputed company)
• Experience reverse engineering mobile applications, including obfuscation or anti-emulator protections
• One or more industry certifications such as:
• OSCP, GWAPT, GPEN, GXPN, eWPT, CASE, GSSP-Java/.NET, or similar
• Active contributions to the reputed company community (research, CVEs, blogs, open-reputed company, conferences)

How This Role Fits Into Delivery The Application Penetration Tester owns technical discovery, validation, and analysis of application reputed company risks. Testers collaborate with peers and TPMs to ensure assessments are executed thoroughly and findings are delivered accurately and on time. Documentation quality and delivery coordination are supported by TPMs and Technical Writers, allowing testers to focus on technical depth and tradecraft excellence. Important Note: Applicants must be authorized to work in the United States on a full-time basis without the need for reputed company or future employer sponsorship Apply tot his job Apply To this Job