Penetration Tester (Web Application Security)

STRATEGIC STAFFING SOLUTIONS HAS AN OPENING!

This is a Contract Opportunity with our company that MUST be worked on a W2 Only. No C2C eligibility for this position. Visa Sponsorship is Available! The details are below.

“Beware of scams. S3 never asks for money during its onboarding process.”

Job Title: Penetration Tester

Location: Denver, CO, 80237

Onsite Work

Contract Length: 6+ Months

We are seeking an experienced Penetration Tester to conduct comprehensive security assessments of enterprise web applications. This role focuses on identifying exploitable vulnerabilities, validating the effectiveness of existing security controls, and delivering actionable remediation guidance to strengthen the organization’s application security posture within a regulated financial services environment.

The ideal candidate combines strong hands-on technical testing skills with the ability to clearly communicate risk to both technical and executive stakeholders.

Scope of Work

• Perform scoped penetration testing on designated web applications and supporting components.
• Identify, validate, and exploit vulnerabilities across:
• Authentication and authorization mechanisms
• Input validation and data handling
• Session management
• API endpoints and third-party integrations
• Business logic and workflow flaws
• Assess applications against OWASP Top 10 and other applicable security standards and best practices.
• Conduct manual penetration testing, supplemented by automated tooling where appropriate.
• Analyze and prioritize findings based on impact, exploitability, and likelihood, aligned with Western Union risk rating methodologies.
• Collaborate with application, security, and engineering teams to clarify findings and remediation approaches.

Reporting & Documentation

• Produce comprehensive penetration testing reports that include:
• Executive-level summary of risk and exposure
• Detailed technical findings with clear reproduction steps
• Proof-of-concept exploits or attack paths
• Practical, prioritized remediation recommendations
• Communicate results effectively to both technical and non-technical audiences.

Required Qualifications

• Proven experience conducting web application penetration testing in enterprise or regulated environments.
• Strong working knowledge of:
• OWASP Top 10
• Common web vulnerabilities (SQL Injection, XSS, CSRF, authentication flaws, etc.)
• Business logic vulnerabilities, particularly within financial services applications
• Familiarity with secure coding practices and modern web frameworks.
• Proficiency with industry-standard penetration testing tools, including:
• Burp Suite
• OWASP ZAP
• Similar web application security testing tools
• Demonstrated ability to produce clear, actionable security reports tailored to diverse audiences.

Deliverables

• Formal vulnerability assessment report with severity ratings and risk prioritization
• Retesting and validation following remediation to confirm closure of identified issues