Cybersecurity Penetration Testing Engineer – Application & API Security Location: Charlotte, NC Experience: 10 years total About the Role We are seeking an experienced Penetration Testing Engineer specializing in Application and API Security to join our cybersecurity team. The ideal candidate will be a hands‑on offensive security professional skilled in identifying, exploiting, and reporting security vulnerabilities across web, mobile, and API platforms. Key Responsibilities Perform manual and automated penetration testing on web, mobile, and API endpoints. Use Burp Suite Professional extensively (Intruder, Repeater, Extender, Decoder). Identify and exploit authentication, authorization, session management, and input validation vulnerabilities. Conduct source code‑assisted testing to uncover deeper logic flaws. Apply frameworks such as OWASP Top 10, API Security Top 10, and SANS 25. Conduct REST and GraphQL API testing, including JWT, OAuth, and token manipulation. Validate business logic flaws, parameter tampering, and microservices vulnerabilities. Develop PoC exploits to demonstrate risk impact. Simulate real‑world attack scenarios leveraging MITRE ATT&CK and CWE references. Document detailed findings with reproduction steps, impact analysis, and mitigation recommendations. Collaborate with developers and DevSecOps teams to drive secure remediation and retesting. Present findings to both technical and non‑technical stakeholders in clear, actionable language. Integrate testing results into CI/CD pipelines and support DevSecOps automation. Contribute to secure coding guidelines and developer training. Stay current on emerging threats, CVEs, and offensive security tools. Develop custom scripts, payloads, or Burp extensions to enhance testing capabilities. Required Skills & Experience 10 years of total experience in Application and API Penetration Testing. Minimum 3 years of hands‑on offensive security testing experience. Expert‑level proficiency in Burp Suite Professional. Deep understanding of REST, GraphQL, JSON, and XML. Strong command of OWASP Top 10, API Top 10, and CWE Top 25 vulnerabilities. Experience using tools such as OWASP ZAP, Nmap, Metasploit, SQLmap, DirBuster, Hydra, and Ffuf. Excellent report writing and presentation skills. Preferred Skills Familiarity with API gateways (Kong, Apigee) and microservices architectures. Knowledge of Cloud Security (AWS, Azure, GCP) and Container Security (Docker, Kubernetes). Exposure to C2 frameworks (Cobalt Strike, Empire) and red team methodologies. Education & Certifications Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field. Preferred certifications: OSCP / OSWE / OSEP (Offensive Security); eWPTX / eCPPT / GWAPT / GPEN / CEH (Practical). Job Details Seniority level: Mid‑Senior level Employment type: Contract Job function: Information Technology Industries: Staffing and Recruiting Referrals increase your chances of interviewing at TalentOla by 2x. #J-18808-Ljbffr TalentOla
...The KPMG Advisory practice is currently our fastest growing practice. We are seeing tremendous client demand, and looking forward we don't anticipate that slowing down. In this ever-changing market environment, our professionals must be adaptable and thrive in a collaborative...
...partnerships, and are data-driven, we want to hear from you!As our agency continues to grow we are looking for a Senior Web and Graphic Designer to join the team and be part of this fast-paced growing company.Job Description The Senior graphic designer is responsible...
...n &##127776; Success Stories: Many of our leaders started in entry-level roles and now earn six figures. &##128640;\n &##127881; Fun... ...these 6 days)\n \n Salary and Benefits: \n \n ~$17.25 -$22 /hr plus bonuses (average hourly pay with bonuses $25-$30/hr)\n ~...
...San Francisco to help customers tackle business challenges using cloud technology. You will work closely with clients to design... ...journey. The ideal candidate has over 4 years of experience in cloud computing and technical domains. Strong communication skills are...
...Opportunity for advancement Training & development Dryer Vent Technician You Might Be a Great Fit If: You enjoy working... ...Technician to join our growing team. You will install, clean, repair, and maintain dryer vent systems for residential and commercial...