1

Dast Tester Jobs (NOW HIRING)

Administers and operates security testing capabilities, including DAST platforms, automated scanning infrastructure, vulnerability validation processes, and security testing automation. Develops and ...

Application Security Analyst

Auburn Hills, MI · On-site

$55.50 - $74.25/hr

Application Security & Testing * Perform security testing: SAST, DAST, IAST, mobile security, and dynamic testing * Analyze vulnerabilities and recommend secure coding fixes * Demonstrate ...

next page

Showing results 1-20

Dast Tester information

See salary details

$10

$38

$62

How much do dast tester jobs pay per hour?

As of Jul 11, 2026, the average hourly pay for dast tester in the United States is $38.36, according to ZipRecruiter salary data. Most workers in this role earn between $21.39 and $50.72 per hour, depending on experience, location, and employer.

What are DAST testers?

DAST testers are professionals who use Dynamic Application Security Testing (DAST) tools to identify vulnerabilities in web applications while they are running. Unlike static testing, which examines code without executing it, DAST testers simulate real-world attacks to find security flaws from the outside in, much like a hacker would. Their primary goal is to detect and help remediate issues such as SQL injection, cross-site scripting (XSS), and other security threats before malicious actors can exploit them. DAST testers work closely with development and security teams to ensure applications are secure throughout the software development lifecycle.

What are the key skills and qualifications needed to thrive as a DAST Tester, and why are they important?

To thrive as a DAST Tester, you need a solid understanding of web application security, common vulnerabilities (such as those in the OWASP Top 10), and experience in penetration testing, often supported by a degree in computer science or a related field. Familiarity with Dynamic Application Security Testing (DAST) tools like OWASP ZAP, Burp Suite, or Acunetix, as well as relevant certifications such as CEH or OSCP, is typically required. Analytical thinking, attention to detail, and strong communication skills help DAST Testers identify risks and clearly report findings to stakeholders. These skills are critical to ensuring robust application security and safeguarding organizations from cyber threats.

What is the difference between Dast Tester vs Manual Tester?

AspectDast TesterManual Tester
CertificationsISTQB, Certified Ethical Hacker (CEH)ISTQB, ISTQB Foundation
Work EnvironmentAutomated testing tools, CI/CD pipelinesTest case execution, defect reporting
Industry UsageSoftware development, DevOps teamsQuality assurance, software testing teams

While Dast Testers focus on automated security testing using tools like OWASP ZAP or Burp Suite, Manual Testers perform hands-on testing without automation. Both roles are essential in software quality assurance, but Dast Testers emphasize automation and security, whereas Manual Testers focus on detailed, exploratory testing.

What are the typical challenges faced by a DAST Tester when integrating dynamic application security testing into the CI/CD pipeline?

A common challenge for DAST Testers is ensuring that security tests fit seamlessly into the existing CI/CD workflow without causing significant delays in deployment. Dynamic testing can sometimes result in false positives or require fine-tuning to accurately simulate real-world attacks, which may demand close collaboration with developers and DevOps teams. Effective communication is key, as DAST Testers often need to help interpret results and prioritize remediation of vulnerabilities. Balancing comprehensive security coverage with development speed is crucial to maintaining both secure and agile delivery cycles.
More about Dast Tester jobs
What cities are hiring for Dast Tester jobs? Cities with the most Dast Tester job openings:
What states have the most Dast Tester jobs? States with the most job openings for Dast Tester jobs include:
What job categories do people searching Dast Tester jobs look for? The top searched job categories for Dast Tester jobs are:
Infographic showing various Dast Tester job openings in the United States as of July 2026, with employment types broken down into 92% Full Time, 2% Part Time, 3% Contract, and 3% Nights. Highlights an 74% Physical, 7% Hybrid, and 19% Remote job distribution, with an average salary of $79,791 per year, or $38.4 per hour.
Cybersecurity Code Test Engineer

Cybersecurity Code Test Engineer

Knightscope

Sunnyvale, CA • On-site

Full-time

Medical, Dental, Vision, Retirement, PTO

Re-posted 6 days ago


Job description

Salary: $155,000 $195,000 (DOE)

AboutKnightscope

Knightscope is a security technology company building the Nations First Autonomous Security Force. The Company combines autonomous machines, advanced software, and human expertise to help protect people, property, and critical infrastructure. Knightscopes long-term mission is to make the United States of America the safest country in the world


Job Summary

As a critical defender of our product and infrastructure ecosystem, the Cybersecurity Code Test Engineer will bridge the gap between secure development architectures and robust production systems. Reporting directly to the Director of Cybersecurity, this high-impact role guarantees maximum autonomy and direct escalation paths for product security risks. You will oversee, architect, and execute advanced security testing paradigms across both bare-metal/embedded firmware layers and cloud-native software applications, enforcing adherence to strict secure development lifecycles (SSDF) aligned to NIST SP 800-218 frameworks.


  • Location Requirement: Full-time, on-site at Sunnyvale HQ


About the Role

This engineer owns end-to-end security testing across embedded firmware, cloud-native applications, and the software supply chain, anchored to the NIST SP 800-218 SSDF. Responsibilities include integrating automated security gates into CI/CD pipelines, conducting SAST/DAST across compiled code, microservices, and firmware binaries, and managing SCA tooling with SBOM generation for code provenance and regulatory compliance. The engineer partners with development teams on secure repository practices cryptographic signing, branch protections, and secret-leakage monitoring and participate in threat modeling throughout the product lifecycle. The role also applies AI/ML to advance test generation, vulnerability triage, and firmware fuzzing to stay ahead of known and emergent threats.

Key Responsibilities

  • SSDF Alignment Operationalize and validate engineering practices against NIST SP 800-218 to ensure product resilience, supply chain integrity, and regulatory compliance. Participate in threat modeling early in the product lifecycle to establish security test plans.
  • CI/CD Pipeline Automation Architect and maintain automated security gates within CI/CD engines, with auto-failing builds on high-risk vulnerabilities while preserving developer velocity.
  • SAST/DAST Analysis Implement SAST policies across compiled code, microservices, and firmware binaries to catch logic flaws and unsafe memory operations. Design DAST frameworks to probe runtime applications, APIs, and microservices for structural, access control, and routing vulnerabilities.
  • Software Supply Chain Security Deploy SCA tooling to track open-source licenses, manage technical debt, and surface vulnerabilities in third-party packages. Generate and audit SBOM artifacts in machine-readable formats (CycloneDX, SPDX) for compliance and stakeholder reporting.
  • Repository Management & Access Controls Standardize repository layouts, cryptographic signing, and branch protections. Deploy continuous monitoring to detect accidental secret leakage, API tokens, and embedded credentials.
  • AI-Driven Testing Apply AI/ML to enhance test generation, auto-triage SAST false positives, and identify anomalous behavior. Leverage AI-assisted fuzzing platforms to probe firmware interfaces and network stacks for unknown vulnerabilities.

Required Qualifications

Technical Skill Requirements & Tools

  • Candidates are expected to demonstrate deep familiarity or direct operational proficiency with common, example ecosystems such as the following:
  • CI/CD Platforms: GitHub Actions, GitLab CI/CD, Jenkins, Azure DevOps
  • SAST & DAST Solutions: Veracode, Checkmarx, SonarQube, Burp Suite Professional/Enterprise, OWASP ZAP
  • SCA & SBOM Operations: Snyk, Black Duck, Dependabot, CycloneDX CLI, Syft / Grype
  • Firmware & Embedded Analysis: Ghidra, IDA Pro, Binwalk, Radare2, JTAG/UART hardware debugging interfaces
  • AI-Assisted Security & Fuzzing: GitHub Copilot for Security, AFL++ (American Fuzzy Lop), LibFuzzer, Custom LLM-assisted code review agents


Experience & Qualifications

  • Education: Bachelors degree in computer science, Cybersecurity, Computer Engineering, or an equivalent technical field (Master's preferred). Equivalent practical experience is highly valued.
  • Experience: Minimum of 46 years of dedicated experience in software engineering, application security, and embedded firmware vulnerability assessment.
  • Firmware Domain Expertise: Demonstrated capacity analyzing hardware formats, embedded operating systems (RTOS/Embedded Linux), memory corruption boundaries (buffer overflows, race conditions), and hardware security architectures (TPM, Secure Boot).
  • Programming Fluency: Strong capabilities writing and debugging scripts in Python, C/C++, Rust, Go, or Bash to customize automated tooling wrappers.
  • Certifications (Preferred): CSSLP (Certified Secure Software Lifecycle Professional), GSSP-C/GSSP-Java, CEH, or advanced hardware security credentials (OSCP, OSCE).


Compensation & Benefits

  • Base Salary:$155,000 $195,000 (DOE)
  • Equity:Stock options
  • Benefits:Medical, dental, vision, 401(k), paid time off
  • Location Requirement: Full-time, on-site at Sunnyvale HQ