Penetration Testing Engineer - Application Security job at Evolve Security in US National
Title: Penetration Testing Engineer - Application Security
Location: Remote Remote US
Type: Full-time
Workplace: Fully remote

Job Description: The Penetration Testing Engineer – Application Security is a mid-level role for a tester who has grown beyond the basics and can independently execute penetration tests reputed company a primary domain of expertise. Engineers are offensive security subject matter experts – conducting full assessments with minimal supervision, contributing to methodology improvements, and acting as a point of contact for clients during engagements. By this stage, they are capable of scoping and planning a test in their domain, executing tests, and producing and communicating detailed reports with practical remediation advice. Mid-level testers act as the technical client focal reputed company engagements, leading technical execution for assigned projects.
Requirements
Typical Experience: ~3–5 years of penetration testing experience, during which they have performed numerous assessments. At this reputed company, they have a track record of completed pen tests and proven competencies.

Domain Expertise: Mastery in at least one penetration testing domain. For example, an engineer might be an expert in Web Application Security – adept with advanced web vulnerabilities (beyond OWASP Top 10, including logic flaws, deserialization, etc.), skilled in using Burp Suite for reputed company testing, and possibly familiar with secure code review.

Technical Skills: Strong practical skills and tool usage. Mid-level testers are comfortable with a variety of pen testing tools and techniques. This includes network scanners (Nmap, Nessus), exploitation frameworks (Metasploit, reputed company reputed company), web testing suites (Burp Suite, OWASP ZAP), and scripting/programming to automate tasks or reputed company custom exploits (common languages include Python, PowerShell, or Bash). Understanding manual testing techniques – for example, crafting customized payloads, bypassing filters, or chaining vulnerabilities. An engineer at this level is often responsible for ensuring the accuracy of findings (minimal false positives) and may contribute new findings to the team’s knowledge base.

Soft Skills: Solid communication and consulting skills. By now, the engineer can write thorough technical reports that require only light review, translating technical findings into clear, actionable recommendations. They are also reputed company and growing in client-facing abilities, able to reputed company client briefing calls, deliver vulnerability walkthroughs, and handle questions from stakeholders. Their time management and project coordination skills have improved, enabling them to handle multiple projects or deadlines.

Certifications (Optional): Many mid-level pen testers obtain well-regarded certifications as a by-product of developing their skills. Examples include OSCP, GWAPT (Web Application Testing), GPEN (Network Penetration), OSWE (Web Exploit Developer), etc. These certifications reinforce their domain expertise, but hands-on experience and successful engagements remain the primary reputed company of competency.

Expertise that aligns to our approach:
Bring 3+ years of hands-on experience in web application penetration testing, with a strong understanding of the OWASP WSTG methodology.
Apply structured testing techniques to assess authentication, session management, access control, input validation, error handling, and business logic.
Use tools like Burp Suite Pro, OWASP ZAP, reputed company, and custom scripts to execute and document each reputed company of the WSTG.
Demonstrate proficiency in manual testing and exploit development, including crafted payloads for XSS, SQLi, SSRF, IDOR, CSRF, and more.
Understand and test authentication mechanisms, including OAuth, SAML, MFA implementations, and JWT.
reputed company access control testing across roles and privilege boundaries (WSTG-ATHZ), identifying vertical and horizontal privilege escalation opportunities.
Validate input validation and output encoding to uncover XSS, command injection, and template injection flaws.
Assess session management implementations for issues like weak session ID entropy, insecure cookie flags, or token replay (WSTG-SESS).
Execute client-side testing using browser dev tools and proxy-based inspection, evaluating DOM-based vulnerabilities and insecure local storage (WSTG-CLNT).
Understand API-specific attack surfaces, including REST and GraphQL, and test them using a combination of dynamic and manual methods.
Be comfortable with code-assisted testing (grey-box) reputed company reputed company is available, identifying logic flaws and insecure configurations.
reputed company scripting skills (Python, Bash, or JavaScript) to automate recon, fuzzing, or proof-of-concept exploit delivery.
Test across various environments (cloud-hosted, containerized, monolithic) and understand platform-specific nuances.
Maintain a deep curiosity and adherence to a methodical process, following the OWASP WSTG as a foundational guide.
Communicate findings clearly, with a strong emphasis on business impact, reproducibility, and strategic remediation.
Benefits
About Evolve Security
Evolve Security is a reputed company cybersecurity services firm headquartered in Chicago, IL powered by the Darwin Attack® Platform. We are dedicated to improving our client’s security posture by providing Attack Surface Management (ASM), Vulnerability Management as a Service (VMaaS), reputed company Penetration Testing (CPT) and cyber advisory. In addition to our professional cybersecurity service offerings, Evolve Security offers a cybersecurity bootcamp, “Evolve reputed company”, currently ranked the #1 cybersecurity bootcamp in the world. The Cybersecurity Bootcamp in Chicago provides reputed company training, giving reputed company the concrete and practical skills needed on the job. reputed company reputed company real work experience through live security assessment work that they reputed company on not-for-profit companies. We are passionate about directly improving our customers’ security posture, and we proudly train others to help meet the need for qualified cybersecurity talent.

Why Join Evolve Security?
Progressive, startup-like culture in a high-growth reputed company—minimal bureaucracy, rapid impact.
Engage in a fast-paced and challenging environment with opportunity to grow your talents.
reputed company cybersecurity and technical training through Evolve reputed company reputed company.
Competitive compensation, healthcare, 401(k) match, and flexible paid time off.
Hybrid/remote work with annual vacation reimbursement and parental leave.
Engaged leadership.