Job Description
We’re looking for a hands-on Application Security Engineer to lead penetration testing efforts for mobile, web, embedded, and cloud applications before they go live. This role will work closely with developers and DevSecOps teams to set up secure testing environments, deploy Burp Suite Enterprise, and help remediate security findings.
Key Responsibilities:
• Independently perform penetration testing on web, mobile, APIs, and cloud applications.
• Set up and manage Burp Suite Enterprise for automated and manual testing.
• Work with developers to create secure test environments for new applications.
• Present findings to DevSecOps and development teams, and guide remediation.
• Use tools like Burp Suite, OWASP ZAP, Metasploit, and Nmap for testing.
• Identify vulnerabilities based on OWASP Top 10, SANS/CWE Top 25, and other standards.
• Create custom exploits and proof-of-concept attacks when needed.
• Write clear reports and executive summaries outlining risks and fixes.
• Participate in threat modeling and secure design reviews.
• Stay up to date on new security threats, tools, and techniques.
• Support red team exercises and broader enterprise security efforts.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
• Bachelor’s degree in Computer Science, Cybersecurity, or equivalent experience.
• 5+ years of hands-on application penetration testing.
• Strong understanding of web technologies (HTML, JavaScript, REST APIs, OAuth, JSON).
• Experience testing mobile apps (iOS/Android) and APIs.
• Familiarity with cloud platforms like AWS or GCP.
• Proficiency with OWASP testing methodologies.
• Excellent problem-solving and communication skills.
Nice to Have Skills & Experience
• Certifications like OSCP, OSWE, GWAPT, GPEN, or CEH.
• Experience integrating security into the software development lifecycle (SSDLC).
• Knowledge of container security (Docker, Kubernetes).
• Ability to write scripts or exploits in Python, PowerShell, or Bash.
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.