Application Penetration Tester Locations: Charlotte, NC - Dallas,TX - Minneapolis, MN - Chandler, AZ - Des Moines, IA - Columbus, OH - Raleigh, NC - San Antonio, TX and Washington DC (Hybrid ...
Application Penetration Tester Locations: Charlotte, NC - Dallas,TX - Minneapolis, MN - Chandler, AZ - Des Moines, IA - Columbus, OH - Raleigh, NC - San Antonio, TX and Washington DC (Hybrid ...
Application Penetration Tester
Charlotte, NC · Hybrid
$65 - $70/hr
Application Penetration Tester Locations: Charlotte, NC - Dallas,TX - Minneapolis, MN - Chandler, AZ - Des Moines, IA - Columbus, OH - Raleigh, NC - San Antonio, TX and Washington DC (Hybrid ...
Application Penetration Tester
Charlotte, NC · Hybrid
$65 - $70/hr
Application Penetration Tester Locations: Charlotte, NC - Dallas,TX - Minneapolis, MN - Chandler, AZ - Des Moines, IA - Columbus, OH - Raleigh, NC - San Antonio, TX and Washington DC (Hybrid ...
Application Penetration Tester - Hybrid
Charlotte, NC · On-site
$51.72 - $59.72/hr
Genesis10 is currently seeking an Application Penetration Tester - Hybrid position with a Global Financial Institution located in Charlotte, NC, Dallas, TX, Minneapolis, MN, Chandler, AZ, Des Moines ...
Application Penetration Tester - Hybrid
Charlotte, NC · On-site
$51.72 - $59.72/hr
Genesis10 is currently seeking an Application Penetration Tester - Hybrid position with a Global Financial Institution located in Charlotte, NC, Dallas, TX, Minneapolis, MN, Chandler, AZ, Des Moines ...
Senior Web Application Penetration Tester
Annapolis, MD · On-site +1
$125K - $145K/yr
Senior Web Application Penetration Tester Job Type: Full-time Location: Maryland, Northern Virginia, or Remote Clearance Requirements: Must be able to obtain a Secret Clearance Travel Requirements:
Senior Web Application Penetration Tester
Annapolis, MD · On-site +1
$125K - $145K/yr
Senior Web Application Penetration Tester Job Type: Full-time Location: Maryland, Northern Virginia, or Remote Clearance Requirements: Must be able to obtain a Secret Clearance Travel Requirements:
Senior Web Application Penetration Tester
Annapolis, MD · On-site
$125K - $145K/yr
Senior Web Application Penetration Tester Job Type: Full-time Location: Maryland, Northern Virginia, or Remote Clearance Requirements: Must be able to obtain a Secret Clearance Travel Requirements:
Senior Web Application Penetration Tester
Annapolis, MD · On-site
$125K - $145K/yr
Senior Web Application Penetration Tester Job Type: Full-time Location: Maryland, Northern Virginia, or Remote Clearance Requirements: Must be able to obtain a Secret Clearance Travel Requirements:
Experience with network and application security assessments. * Experience documenting technical ... Conduct enterprise penetration testing activities including: * Perform internal and external ...
Experience with network and application security assessments. * Experience documenting technical ... Conduct enterprise penetration testing activities including: * Perform internal and external ...
Senior Specialist, MAST Application Penetration Tester
Atlanta, GA · On-site
$95K - $208K/yr
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Senior Specialist, MAST Application Penetration Tester
Atlanta, GA · On-site
$95K - $208K/yr
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Penetration Tester
Springfield, VA · On-site
$100K - $140K/yr
GIAC Web Application Penetration Tester (GWAP) Company Description Total Cyber Solutions is a premier provider of Government Contracting, managed IT Services, and Cybersecurity Training. We help ...
Quick apply
Apply Early
Penetration Tester
Springfield, VA · On-site
$100K - $140K/yr
GIAC Web Application Penetration Tester (GWAP) Company Description Total Cyber Solutions is a premier provider of Government Contracting, managed IT Services, and Cybersecurity Training. We help ...
Apply Early
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Conduct manual application penetration testing against API's (REST/SOAP), Web Applications, Mobile applications, and thick client applications * Perform objective based on abstract penetration ...
Security Consultant II (Web Application Penetration Tester) NetSPI ® pioneered Penetration Testing as a Service (PTaaS) and leads the industry in modern pentesting. Combining world-class security ...
Security Consultant II (Web Application Penetration Tester) NetSPI ® pioneered Penetration Testing as a Service (PTaaS) and leads the industry in modern pentesting. Combining world-class security ...
Penetration Tester
Springfield, VA · On-site
$100K - $140K/yr
GIAC Web Application Penetration Tester (GWAP) Company Description Total Cyber Solutions is a premier provider of Government Contracting, managed IT Services, and Cybersecurity Training. We help ...
Quick apply
Penetration Tester
Springfield, VA · On-site
$100K - $140K/yr
GIAC Web Application Penetration Tester (GWAP) Company Description Total Cyber Solutions is a premier provider of Government Contracting, managed IT Services, and Cybersecurity Training. We help ...
NIH - Penetration Tester
Bethesda, MD · On-site +1
Experience with network and application security assessments. * Experience documenting technical ... Conduct enterprise penetration testing activities including: * Perform internal and external ...
NIH - Penetration Tester
Bethesda, MD · On-site +1
Experience with network and application security assessments. * Experience documenting technical ... Conduct enterprise penetration testing activities including: * Perform internal and external ...
NIH - Penetration Tester
Bethesda, MD · Remote
Experience with network and application security assessments. * Experience documenting technical ... Conduct enterprise penetration testing activities including: * Perform internal and external ...
Quick apply
Apply Early
NIH - Penetration Tester
Bethesda, MD · Remote
Experience with network and application security assessments. * Experience documenting technical ... Conduct enterprise penetration testing activities including: * Perform internal and external ...
Apply Early
Application Penetration Tester information
See salary details
$96.5K - $102.2K
4% of jobs
$102.2K - $108K
8% of jobs
$108K - $113.7K
4% of jobs
$113.7K - $119.4K
2% of jobs
$121.8K is the 25th percentile. Wages below this are outliers.
$119.4K - $125.1K
16% of jobs
$125.1K - $130.9K
15% of jobs
The median wage is $131.2K / yr.
$130.9K - $136.6K
11% of jobs
$136.6K - $142.3K
10% of jobs
$145.3K is the 75th percentile. Wages above this are outliers.
$142.3K - $148K
10% of jobs
$148K - $153.8K
11% of jobs
$153.8K - $159.5K
10% of jobs
$96.5K
$132.3K
$159.5K
How much do application penetration tester jobs pay per year?
What does a typical day look like for an Application Penetration Tester?
A typical day for an Application Penetration Tester involves planning and executing tests on web and mobile applications to identify security vulnerabilities, documenting findings, and collaborating with development or security teams to discuss remediation strategies. You might spend time replicating attack scenarios, reviewing code, and researching emerging threats or new testing methodologies. Regular team meetings and client briefings are common, especially when working on larger projects or audits. The work is highly dynamic, often requiring you to juggle multiple projects and stay current with evolving security best practices.
Is a penetration tester in demand?
What are the key skills and qualifications needed to thrive in the Application Penetration Tester position, and why are they important?
To thrive as an Application Penetration Tester, you need strong knowledge of application security, vulnerability assessment, and web technologies, typically supported by a degree in computer science, cybersecurity, or a related field. Familiarity with common penetration testing tools such as Burp Suite, OWASP ZAP, Kali Linux, as well as certifications like OSCP or CEH, is highly beneficial. Critical thinking, keen attention to detail, and clear written and verbal communication are essential soft skills for effective reporting and collaboration. These competencies ensure thorough security assessments, actionable findings, and effective teamwork to protect digital assets.
What is an application penetration tester?
What is an Application Penetration Tester job?
An Application Penetration Tester is a cybersecurity professional who assesses the security of applications by simulating real-world attacks. They identify vulnerabilities, exploit weaknesses, and provide recommendations to improve security. Their work involves using automated tools and manual testing techniques to uncover risks. They collaborate with developers and security teams to ensure applications are protected against threats. This role requires knowledge of coding, common exploits, and security frameworks.
How to get into a penetration testing job?
Will pentesters be replaced by AI?
- Penetration Tester Red Team
- Remote Network Penetration Testing
- Freelance Network Penetration Testing
- Overnight International Penetration Tester
- Penetration Testing Engineer
- Senior International Penetration Tester
- Ethical Penetration Testing
- Remote Cybersecurity Penetration Tester
- Physical Penetration Tester
- Full Time Cybersecurity Penetration Tester

Other
Posted 25 days ago
Job description
Job Title: Application Penetration Tester
Locations: Charlotte, NC - Dallas,TX - Minneapolis, MN - Chandler, AZ - Des Moines, IA - Columbus, OH - Raleigh, NC - San Antonio, TX and Washington DC (Hybrid)
Duration: 12 Months
Job/Role Description:
- This role focuses on identifying, validating, and exploiting security vulnerabilities through hands-on, manual penetration testing across a broad range of application technologies.
- This position will conduct application penetration testing on browser-based/web applications, APIs, and mobile applications (mainframe and thick client experience a plus) using primarily manual techniques supplemented by automated tools, including authentication/authorization testing and business-logic abuse cases.
- Perform deep defect analysis by reproducing, validating, and safely demonstrating security impact, including chained attack paths where applicable, while triaging and dispositioning false positives from automated tooling.
- Configure and tune automated application security testing tools to improve coverage, accelerate discovery, and complement manual testing efforts.
- Produce clear, reproducible technical reports with detailed evidence including steps to reproduce, impacted components/endpoints, risk/impact assessment, and practical remediation guidance.
- Collaborate with application development and security teams to ensure shared understanding of defects, support prioritization, and drive timely remediation through defect walkthroughs and follow-up activities.
- Support continuous improvement of penetration testing methodologies and processes by leveraging industry standards and best practices.
- Collaborate with team members to share knowledge, complete peer reviews of reports, and strengthen overall testing capabilities.
- Communicate findings and risks clearly to technical and non-technical stakeholders, supporting readouts, status updates, and remediation Q&A sessions.
Required Qualifications
- 2+ years of hands-on application penetration testing experience with a strong emphasis on manual testing, beyond reviewing or validating automated scanner results
- 2+ years of Dynamic Application Security Testing (DAST) experience, including tool configuration/tuning and manual verification of findings
- 2+ years of Cybersecurity experience, or equivalent demonstrated through one or a combination of work experience, training, military experience, or education
- Experience conducting penetration testing on browser-based/web applications and APIs required; experience with mobile, mainframe, or thick client applications a plus
- Proficiency with application security testing tools such as Burp Suite, Invicti, WebInspect, and Fiddler a plus
- Strong knowledge of common application security vulnerabilities and the OWASP Top 10
- Experience with scripting and automation (e.g., Python, Shell) a plus
- Knowledge of security best practices and compliance standards such as PCI DSS and GDPR preferred
- Demonstrated understanding of security risks in AI/ML-enabled applications (e.g., prompt injection, sensitive data exposure, insecure integrations) a plus
- Security certifications such as OSCP, BSCP, GWAPT, GPEN, GXPN or equivalent a plus
- Excellent written and verbal communication skills with the ability to convey technical findings clearly to diverse audiences
- Strong problem-solving and analytical skills
- Proven ability to work effectively in a team-oriented, collaborative environment and partner with cross-functional teams
- Ability to prioritize tasks and deliver high-quality results in a dynamic, fast-paced environment
- Highly self-motivated and directed with strong organizational skills and keen attention to detail
- Strong customer service orientation focused on delivering actionable insights and supporting timely remediation
- This position offers a hybrid work schedule with consistent Monday Friday hours (flexible as long as schedule remains consistent)
About Strategystaff
Sourced by ZipRecruiter
Company size
201 - 500 Employees
Headquarters location
Sparta, NJ, US
Year founded
2008