We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
Vaco jobs

Application Penetration Tester II

Vaco
$130,000.00 - $160,000.00 / yr
United States, Florida, Jacksonville
May 02, 2025
Application Penetration Tester II
Full time
Onsite - Washington DC
No sponsorship

Job Overview:
We are looking for an Application Penetration Tester II with 3+ years of experience, strong communication skills, creativity, innovation, and the ability to manage and resolve complex issues within a dispersed organization.
As an Application Security Penetration Tester II, you will leverage your expertise in application security, utilizing SAST/DAST/SCA tooling to perform comprehensive technical testing. The technical testing will range from source code review to adversarial tradecraft mapping to test and validate security controls of web and mobile applications. Application Penetration Testers are expected and supported to continuously improve their tradecraft and expertise through research, professional development, and experience.

Primary Responsibilities:
  • Conduct technical testing of web and mobile applications including but not limited to penetration testing, vulnerability scanning, social engineering, and validating security controls.
  • Perform in-depth source code reviews, providing security consulting on findings
  • Implement static and dynamic security testing techniques
  • Leverage automated security testing and monitoring such as integrating CI/CD pipelines
  • Validate security controls around web resources and mobile applications and their backend web services
  • Triage, publish, and communicate findings and recommendations to client stakeholders
  • Develop comprehensive and accurate reports and presentations for varied stakeholders
  • Utilize adversarial tradecraft and cyber threat intelligence to design, emulate, and execute assessments
  • Perform innovative research and promote an environment of innovation and knowledge sharing
  • Design and propose new penetration assessments based on prior findings and understanding of client infrastructure
  • Develop/modify custom tooling or processes to solve or improve identified assessment or program needs
  • Other program operational or project initiatives to be assigned
Minimum Qualifications:
  • 3+ years of experience performing application penetration tests or equivalent experience (i.e. 5+ years designing web or mobile applications, with less than 3 years of experience in penetration testing, red team emulation, or purple team operations)
  • Comprehensive background in application, network, and system security
  • Experience with Windows and Nix systems
  • Experience with reading, writing, and editing code written in various programming languages, such as Perl, Python, Ruby, Bash, C/C++, C#, and Java
  • Experience with security test tooling such as Burp Suite Pro, including identification and use of relevant plugins and extensions
  • Proficiency in DAST/SAST/SCA tools like Black Duck, Coverity, Datadog, Chechmarx, Fortify Static Code Analyzer, OWASP ZAP, Acunetix, NetSparker, VeraCode, Plextrac, and Burp Suite.
Preferred Qualifications:
  • Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections
  • Experience with Docker and Kubernetes security
  • Experience or familiarity with cloud security practices or penetration tests (AWS, Azure, Oracle)
  • Holds at least one industry standard certification such as GWAPT, OSCP, GCIH, GPEN, GXPN, CRTE, CRTP, CEPT, GCPN, eWPT, CASE, GSSP-Java, and GSSP-.NET
  • Active contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, blogs, publications, conferences, etc.
  • Experience with IOS and Android operating systems
  • Experience with securing and testing API vulnerabilities

Vaco by Highspring values a diverse workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply.

EEO Notice

Vaco by Highspring is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race (including but not limited to traits historically associated with race such as hair texture and hair style), color, sex (includes pregnancy or related conditions), religion or creed, national origin, citizenship, age, disability, status as a veteran, union membership, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, political affiliation, or any other protected characteristics as required by federal, state or local law.

Vaco by Highspring and its parents, affiliates, and subsidiaries are committed to the full inclusion of all qualified individuals. As part of this commitment, Vaco by Highspring and its parents, affiliates, and subsidiaries will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact HR@vaco.com .

Vaco by Highspring also wants all applicants to know their rights that workplace discrimination is illegal.

By submitting to this position, you agree that you will be giving Vaco by Highspring the exclusive right to present your as a candidate for the foregoing employment opportunity. You further agree that you have represented information about yourself accurately and have not affirmatively misrepresented your qualifications. You also agree to maintain as confidential, to the fullest extent permitted by law, any information you learn from Vaco by Highspring about the position and you will limit disclosure of information about the position only to the extent necessary to perform any obligations in furtherance of your application. In exchange, Vaco by Highspring agrees to exercise reasonable efforts to represent you through all solicitation, job screening and resume dispersal.

Privacy Notice

Vaco by Highspring and its parents, affiliates, and subsidiaries ("we," "our," or "Vaco by Highspring") respects your privacy and are committed to providing transparent notice of our policies.

  • California residents may access Vaco by Highspring HR Notice at Collection for California Applicants and Employees here.
  • Virginia residents may access our state specific policies here.
  • Residents of all other states may access our policies here.
  • Canadian residents may access our policies in English here and in French here.
  • Residents of countries governed by GDPR may access our policies here.
Pay Transparency Notice

Determining compensation for this role (and others) at Vaco by Highspring depends upon a wide array of factors including but not limited to:

  • the individual's skill sets, experience and training;
  • licensure and certification requirements;
  • office location and other geographic considerations;
  • other business and organizational needs.

With that said, as required by local law, Vaco by Highspring believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses.

Applied = 0
MORE JOBS LIKE THIS

(web-94d49cc66-9tddw)