Penetration Testing Engineer Job at TalentOla, Charlotte, NC

  • TalentOla
  • Charlotte, NC

Job Description

Cybersecurity Penetration Testing Engineer – Application & API Security

Location: Charlotte, NC
Experience: 10 years total

About the Role

We are seeking an experienced Penetration Testing Engineer specializing in Application and API Security to join our cybersecurity team. The ideal candidate will be a hands‑on offensive security professional skilled in identifying, exploiting, and reporting security vulnerabilities across web, mobile, and API platforms.

Key Responsibilities

  • Perform manual and automated penetration testing on web, mobile, and API endpoints.
  • Use Burp Suite Professional extensively (Intruder, Repeater, Extender, Decoder).
  • Identify and exploit authentication, authorization, session management, and input validation vulnerabilities.
  • Conduct source code‑assisted testing to uncover deeper logic flaws.
  • Apply frameworks such as OWASP Top 10, API Security Top 10, and SANS 25.
  • Conduct REST and GraphQL API testing, including JWT, OAuth, and token manipulation.
  • Validate business logic flaws, parameter tampering, and microservices vulnerabilities.
  • Develop PoC exploits to demonstrate risk impact.
  • Simulate real‑world attack scenarios leveraging MITRE ATT&CK and CWE references.
  • Document detailed findings with reproduction steps, impact analysis, and mitigation recommendations.
  • Collaborate with developers and DevSecOps teams to drive secure remediation and retesting.
  • Present findings to both technical and non‑technical stakeholders in clear, actionable language.
  • Integrate testing results into CI/CD pipelines and support DevSecOps automation.
  • Contribute to secure coding guidelines and developer training.
  • Stay current on emerging threats, CVEs, and offensive security tools.
  • Develop custom scripts, payloads, or Burp extensions to enhance testing capabilities.

Required Skills & Experience

  • 10 years of total experience in Application and API Penetration Testing.
  • Minimum 3 years of hands‑on offensive security testing experience.
  • Expert‑level proficiency in Burp Suite Professional.
  • Deep understanding of REST, GraphQL, JSON, and XML.
  • Strong command of OWASP Top 10, API Top 10, and CWE Top 25 vulnerabilities.
  • Experience using tools such as OWASP ZAP, Nmap, Metasploit, SQLmap, DirBuster, Hydra, and Ffuf.
  • Excellent report writing and presentation skills.

Preferred Skills

  • Familiarity with API gateways (Kong, Apigee) and microservices architectures.
  • Knowledge of Cloud Security (AWS, Azure, GCP) and Container Security (Docker, Kubernetes).
  • Exposure to C2 frameworks (Cobalt Strike, Empire) and red team methodologies.

Education & Certifications

  • Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
  • Preferred certifications: OSCP / OSWE / OSEP (Offensive Security); eWPTX / eCPPT / GWAPT / GPEN / CEH (Practical).

Job Details

  • Seniority level: Mid‑Senior level
  • Employment type: Contract
  • Job function: Information Technology
  • Industries: Staffing and Recruiting

Referrals increase your chances of interviewing at TalentOla by 2x.

Job Tags

Contract work