Yoh has an exciting opportunity for an Application Penetration Tester with an enterprise Financial Services Company. This position is available as a long-term contract, working on a hybrid basis. Qualified candidates must live within commuting distance of Tampa, FL or Dallas, TX. We are seeking a highly skilled security professional to conduct comprehensive evaluations of applications and APIs, identifying potential vulnerabilities and risks. This role involves proactive threat hunting, detailed manual security testing, and collaboration with various teams to ensure top-quality product delivery.
Title: Application Penetration Tester
Compensation: $50-70/hr
Duration: Long term contract, potential to convert
Location: Tampa or Dallas; Hybrid 3 days a week in office
Industry: Financial Services
Responsibilities:
- Perform thorough security assessments on applications and APIs to identify vulnerabilities.
- Engage in activities to detect and assess application risks before they are exploited.
- Conduct detailed manual testing to uncover security weaknesses.
- Prepare standardized reports documenting identified vulnerabilities and technical issues.
- Generate comprehensive assessment reports summarizing findings and supporting remediation efforts.
- Act as a subject matter expert on Application Defense, addressing inquiries and providing guidance.
- Work closely with Security Architects, Product Managers, Risk Managers, and other teams to deliver secure, high-quality products.
Required Skills and Qualifications:
- Minimum of 6 years of relevant experience in application security testing.
- Bachelor's Degree or equivalent professional experience.
- At least 4 years of experience conducting red teaming engagements.
- Skilled in using application security testing tools such as Burp Suite Professional and OWASP ZAP.
- Strong ability in manual security testing and "live off the land" strategies.
- Deep understanding of OWASP Top 10 and SANS Top 25 vulnerabilities and effective defense techniques.
- Knowledge of the MITRE Framework and adversarial methodologies.
- Capability to bypass controls and test for misconfigurations.
- Ability to work effectively under pressure, manage multiple tasks, and remain flexible.
- Possession of certifications such as OSCP, GWAPT, CISSP, or other relevant offensive security/red teaming credentials.
Note: Any pay ranges displayed are estimations. Actual pay is determined by an applicant's experience, technical expertise, and other qualifications as listed in the job description. All qualified applicants are welcome to apply.
Yoh, a Day & Zimmermann company, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Visit to contact us if you are an individual with a disability and require accommodation in the application process.
For California applicants, qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. All of the material job duties described in this posting are job duties for which a criminal history may have a direct, adverse, and negative relationship potentially resulting in the withdrawal of a conditional offer of employment.