Web Application Penetration Tester
KirkpatrickPrice is seeking a Penetration Tester who enjoys teaching as much as testing. We’re a security partner to companies new to the need for penetration testing. Our clients need security experts who are experienced, patient, and communicate well, to help them discover vulnerabilities and teach them how to strengthen their defenses. We love empowering and inspiring our clients to effectively protect their most sensitive data. If that describes you, and you’re well-qualified, we want you on our team.
This particular position requires strong experience testing web applications, while also supporting network, mobile application, and emerging AI security assessments. Competitive applicants will demonstrate hands-on web application testing experience; possess the GWAPT, PWPA or equivalent penetration testing certifications; and demonstrate both the ability and desire to teach and mentor. Experience testing mobile applications, APIs, cloud environments, and AI-enabled applications or large language model (LLM) integrations will further differentiate strong candidates. Experience with web development, app development, and evaluating the OWASP Top 10, OWASP Mobile Top 10, and broader OWASP testing methodologies is highly valued.
Desired Applicant Characteristics
Character
- Possess an extreme level of integrity. The top 1% of wealth holders in America rate integrity as the #1 factor that explains economic success.
- Apply diligence to the project so that the client benefits the most. Find the vulnerabilities.
- Passionate about teaching clients applicable cybersecurity concepts. We help clients achieve compliance across a variety of information security frameworks.
- Strong desire to contribute to and learn from an open and collaborative team. Humility and contribution to the team are valued.
- Able to communicate complex technical issues clearly to both technical and non-technical audiences.
Experience
- Skillful in analyzing a company’s defenses and designing an effective attack plan.
- Capable of understanding and interpreting a wide range of business environments including financial services, healthcare, technology providers, retail, and SaaS environments.
- Strong experience performing web application penetration testing, with additional experience testing internal and external network infrastructure.
- Experience performing iOS and Android mobile application penetration testing in alignment with methodologies such as the OWASP Mobile Application Security Testing Guide (MASTG) and OWASP Mobile Top 10.
- Familiarity with AI and LLM security testing concepts such as prompt injection, insecure plugin or agent functionality, data exposure risks, authorization weaknesses, and abuse of AI-integrated business workflows, evaluated against frameworks such as the OWASP LLM Top 10 and MITRE ATLAS, is considered a major differentiator.
- Knowledge of and ability to operate within major cloud environments such as Azure, AWS, and Google Cloud.
- Ability to understand client needs and present remediation guidance in a collaborative and approachable manner.
- Hold certifications relevant to the requirements detailed above.
Productivity
- Energetic about working in a small company environment and sharing in and contributing to KirkpatrickPrice’s growth.
- Efficient with the latest penetration testing tools, techniques, and exploits.
- Passionate about continuous research and improving technical tradecraft.
- Excited to collaborate closely with colleagues across the penetration testing team.
- Must detest a daily commute to an office. Virtual office experience is essential. Some days, it’s fun to just stay in superhero pajamas.
- Must reside near our clients…which means…anywhere in America.