Senior Penetration Tester
On-site · Washington, District of Columbia, United States
Job Summary
Senior Penetration Tester responsible for planning, scoping, and executing penetration testing engagements across web, API, cloud, infrastructure, thick-client, and mobile environments; performing manual and automated testing with industry tools; producing comprehensive reports with risk assessments and remediation recommendations; conducting peer reviews; collaborating with cross-functional teams to remediate findings; staying current with threats and contributing to methodology improvements.
Required Qualifications
- 5+ years of hands-on penetration testing experience in offensive security
- Expertise in manual penetration testing of web, API, cloud (AWS/Azure/GCP), infrastructure, thick-client, and/or mobile applications (android/iOS)
- Experience with industry-standard tools such as Burp Suite, Nmap, Metasploit
- Strong understanding of security assessment methodologies (OWASP Top Ten, NIST Cybersecurity Framework)
- Ability to identify and articulate systemic security issues and provide actionable remediation
- Excellent written and verbal communication for technical reports and presentations
- Experience conducting peer reviews of penetration test reports and mentoring junior testers
- Continuous learner with up-to-date knowledge of offensive security trends and tools
- Knowledge of cybersecurity practices in financial services sector and incident response methodologies
- Proficiency in security concepts across Windows and Unix-like systems
- Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities
- Relevant certifications such as OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, GMOB, BSCP
Apply with one swipe on Sorce. We auto-fill applications and apply on your behalf — no cover letters, no 40-minute forms.
Hiring someone like this?
Get your role in front of qualified candidates on Sorce.