Senior Web Application Penetration Tester (Contract)

Below0Day • United States
Remote
AI Summary

Below0Day is seeking a Senior Web Application Penetration Tester for contract-based engagements. The role involves performing comprehensive assessments of modern web apps, APIs, and cloud-backed platforms. The ideal candidate has 5+ years of experience in web application and API penetration testing.

Key Highlights
Perform manual and automated testing of web applications and APIs
Test for common and advanced vulnerabilities (OWASP Top 10, business logic flaws, IDOR, SSRF, RCE, etc.)
Write detailed, client-facing reports with technical clarity and remediation guidance
Technical Skills Required
HTTP, OAuth, JWT, Burp Suite Pro, Nuclei, Postman, OWASP ZAP, AWS, GCP, Azure, Swagger, GraphQL, MySQL, Python, JavaScript
Benefits & Perks
Remote work
Contract-based employment
Payment based on app complexity and scope
Possible contract to hire

Job Description


Senior Web Application Penetration Tester (Contract / 1099), possible contract-to-hire

Location: Remote (US-based only)

Employment Type: Contract / 1099, contract-to-hire possible

Compensation: Per Web Application (based on scope)


About Us:

Below0Day is a premier offensive security firm specializing in application security, red teaming, and advanced infrastructure penetration testing. We work with clients across industries who demand expert-level insight, discretion, and actionable reporting. We're expanding our elite team with a Senior Web Application Penetration Tester for contract-based engagements.


Position Overview:

We’re seeking an experienced Senior Web Application Penetration Tester to perform comprehensive assessments of modern web apps, APIs (REST & GraphQL), and cloud-backed platforms. This role is fully remote but requires you to be based in the United States with US citizenship. You'll work on a per-project basis (1099), with payment based on app complexity and scope.


Responsibilities:

  • Perform manual and automated testing of web applications and APIs.
  • Test for common and advanced vulnerabilities (OWASP Top 10, business logic flaws, IDOR, SSRF, RCE, etc.).
  • Review and test API documentation (Swagger/Postman/GraphQL introspection).
  • Assess application deployments integrated with major cloud platforms (AWS, GCP, Azure).
  • Write detailed, client-facing reports with technical clarity and remediation guidance.
  • Participate in scoping calls and debriefs as needed.

Required Skills:

  • 5+ years of hands-on experience in web application and API penetration testing.
  • Strong understanding of HTTP, authentication mechanisms (OAuth, JWT), and session management.
  • Experience testing cloud-integrated apps (S3 buckets, IAM misconfigurations, Lambda, etc.).
  • Familiar with tools such as Burp Suite Pro, Nuclei, Postman, OWASP ZAP, and custom scripts.
  • Clear, concise writing and documentation skills.
  • Ability to work independently with a high degree of accountability.
  • Must reside in the United States.

Nice to Have:

  • Midwest-based.
  • Certifications like OSWE, GWAPT, or Burp Suite Certified Practitioner.
  • Experience with source code review.
  • Familiarity with CI/CD pipeline security.
  • Experience testing single-page apps and mobile frontends backed by APIs.
  • Other penetration testing experience.


Note: This is a 1099 contract position, paid per web application. Long-term collaboration and recurring work are required; contract-to-hire is possible.

