Cybersecurity Penetration Testing Engineer – Application & API Security

Location: Charlotte, NC
Experience: 10 years total

About the Role

We are seeking an experienced Penetration Testing Engineer specializing in Application and API Security to join our cybersecurity team. The ideal candidate will be a hands‑on offensive security professional skilled in identifying, exploiting, and reporting security vulnerabilities across web, mobile, and API platforms.

Key Responsibilities

- Perform manual and automated penetration testing on web, mobile, and API endpoints.
- Use Burp Suite Professional extensively (Intruder, Repeater, Extender, Decoder).
- Identify and exploit authentication, authorization, session management, and input validation vulnerabilities.
- Conduct source code‑assisted testing to uncover deeper logic flaws.
- Apply frameworks such as OWASP Top 10, API Security Top 10, and SANS 25.
- Conduct REST and GraphQL API testing, including JWT, OAuth, and token manipulation.
- Validate business logic flaws, parameter tampering, and microservices vulnerabilities.
- Develop PoC exploits to demonstrate risk impact.
- Simulate real‑world attack scenarios leveraging MITRE ATT&CK and CWE references.
- Document detailed findings with reproduction steps, impact analysis, and mitigation recommendations.
- Collaborate with developers and DevSecOps teams to drive secure remediation and retesting.
- Present findings to both technical and non‑technical stakeholders in clear, actionable language.
- Integrate testing results into CI/CD pipelines and support DevSecOps automation.
- Contribute to secure coding guidelines and developer training.
- Stay current on emerging threats, CVEs, and offensive security tools.
- Develop custom scripts, payloads, or Burp extensions to enhance testing capabilities.

Required Skills & Experience

- 10 years of total experience in Application and API Penetration Testing.
- Minimum 3 years of hands‑on offensive security testing experience.
- Expert‑level proficiency in Burp Suite Professional.
- Deep understanding of REST, GraphQL, JSON, and XML.
- Strong command of OWASP Top 10, API Top 10, and CWE Top 25 vulnerabilities.
- Experience using tools such as OWASP ZAP, Nmap, Metasploit, SQLmap, DirBuster, Hydra, and Ffuf.
- Excellent report writing and presentation skills.

Preferred Skills

- Familiarity with API gateways (Kong, Apigee) and microservices architectures.
- Knowledge of Cloud Security (AWS, Azure, GCP) and Container Security (Docker, Kubernetes).
- Exposure to C2 frameworks (Cobalt Strike, Empire) and red team methodologies.

Education & Certifications

- Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
- Preferred certifications: OSCP / OSWE / OSEP (Offensive Security); eWPTX / eCPPT / GWAPT / GPEN / CEH (Practical).

Job Details

- Seniority level: Mid‑Senior level
- Employment type: Contract
- Job function: Information Technology
- Industries: Staffing and Recruiting

TalentOla