Penetration Testing Engineer Job at TalentOla, Charlotte, NC

  • TalentOla
  • Charlotte, NC

Job Description

Cybersecurity Penetration Testing Engineer – Application & API Security

Location: Charlotte, NC
Experience: 10 years total

About the Role

We are seeking an experienced Penetration Testing Engineer specializing in Application and API Security to join our cybersecurity team. The ideal candidate will be a hands‑on offensive security professional skilled in identifying, exploiting, and reporting security vulnerabilities across web, mobile, and API platforms.

Key Responsibilities

  • Perform manual and automated penetration testing on web, mobile, and API endpoints.
  • Use Burp Suite Professional extensively (Intruder, Repeater, Extender, Decoder).
  • Identify and exploit authentication, authorization, session management, and input validation vulnerabilities.
  • Conduct source code‑assisted testing to uncover deeper logic flaws.
  • Apply frameworks such as OWASP Top 10, API Security Top 10, and SANS 25.
  • Conduct REST and GraphQL API testing, including JWT, OAuth, and token manipulation.
  • Validate business logic flaws, parameter tampering, and microservices vulnerabilities.
  • Develop PoC exploits to demonstrate risk impact.
  • Simulate real‑world attack scenarios leveraging MITRE ATT&CK and CWE references.
  • Document detailed findings with reproduction steps, impact analysis, and mitigation recommendations.
  • Collaborate with developers and DevSecOps teams to drive secure remediation and retesting.
  • Present findings to both technical and non‑technical stakeholders in clear, actionable language.
  • Integrate testing results into CI/CD pipelines and support DevSecOps automation.
  • Contribute to secure coding guidelines and developer training.
  • Stay current on emerging threats, CVEs, and offensive security tools.
  • Develop custom scripts, payloads, or Burp extensions to enhance testing capabilities.

Required Skills & Experience

  • 10 years of total experience in Application and API Penetration Testing.
  • Minimum 3 years of hands‑on offensive security testing experience.
  • Expert‑level proficiency in Burp Suite Professional.
  • Deep understanding of REST, GraphQL, JSON, and XML.
  • Strong command of OWASP Top 10, API Top 10, and CWE Top 25 vulnerabilities.
  • Experience using tools such as OWASP ZAP, Nmap, Metasploit, SQLmap, DirBuster, Hydra, and Ffuf.
  • Excellent report writing and presentation skills.

Preferred Skills

  • Familiarity with API gateways (Kong, Apigee) and microservices architectures.
  • Knowledge of Cloud Security (AWS, Azure, GCP) and Container Security (Docker, Kubernetes).
  • Exposure to C2 frameworks (Cobalt Strike, Empire) and red team methodologies.

Education & Certifications

  • Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
  • Preferred certifications: OSCP / OSWE / OSEP (Offensive Security); eWPTX / eCPPT / GWAPT / GPEN / CEH (Practical).

Job Details

  • Seniority level: Mid‑Senior level
  • Employment type: Contract
  • Job function: Information Technology
  • Industries: Staffing and Recruiting

Referrals increase your chances of interviewing at TalentOla by 2x.

Job Tags

Contract work
