
Security Testing Web Application Sast Jobs (NOW HIRING)

MI · On-site

Minimum 5 years of application security testing experience. * Experience testing: * Web ... Experience with SAST/DAST tools. * FedRAMP assessment experience.

Application Security Engineer

$60.25 - $80.25/hr

... Testing (SAST), Open Source Security (OSS) testing, Software Composition Analysis (SCA ... Web Application Penetration Tester (GWAPT) • Experience testing web applications for OWASP Top ...

Application Security Engineer

Torrance, CA · On-site

$61.25 - $82/hr

... Testing (SAST) o Dynamic Application Security Testing (DAST) o Mobile application security (iOS ... Strong knowledge of secure development practices Deep knowledge of common web application ...

Application Security Analyst

Auburn Hills, MI · On-site

$55.50 - $74.25/hr

Perform security testing: SAST, DAST, IAST, mobile security, and dynamic testing * Analyze ... Lead Web Application Firewall (WAF) deployment for new and existing apps * Implement application ...


Security Testing Web Application Sast information


How much do security testing web application sast jobs pay per hour?

As of Jun 6, 2026, the average hourly pay for security testing web application sast in the United States is $66.40, according to ZipRecruiter salary data. Most workers in this role earn between $56.49 and $75.48 per hour, depending on experience, location, and employer.

What is Security Testing Web Application SAST?

Security Testing Web Application SAST (Static Application Security Testing) is a process used to identify vulnerabilities in the source code, bytecode, or binary code of web applications without executing the program. SAST helps developers find security flaws early in the software development lifecycle by scanning the application's codebase for common vulnerabilities such as SQL injection, cross-site scripting (XSS), and insecure data handling. This proactive approach enables organizations to fix security issues before deployment, reducing the risk of cyberattacks and data breaches. SAST tools integrate with development environments to provide real-time feedback and facilitate secure coding practices.

What are the key skills and qualifications needed to thrive as a Security Testing Web Application SAST specialist, and why are they important?

To thrive as a Security Testing Web Application SAST specialist, you need expertise in application security, software development principles, and vulnerability assessment, often supported by a degree in computer science or cybersecurity. Familiarity with static application security testing (SAST) tools like SonarQube, Checkmarx, or Veracode and relevant certifications such as CISSP or CEH is typically required. Strong analytical thinking, attention to detail, and effective communication skills help you identify vulnerabilities and relay findings to development teams. These skills are crucial for proactively securing applications, meeting compliance standards, and reducing organizational risk from software vulnerabilities.

What is the difference between Security Testing Web Application Sast vs Penetration Tester?

| Aspect | Security Testing Web Application Sast | Penetration Tester |
|---|---|---|
| Certifications | OWASP, CEH, CISSP | OSCP, CEH, GPEN |
| Work Environment | Automated testing, code analysis, CI/CD pipelines | Manual testing, live environment assessments |
| Industry Usage | Software development, DevSecOps | Security consulting, offensive security |

Security Testing Web Application Sast focuses on automated static analysis of source code to identify vulnerabilities early in the development process. Penetration Testers perform manual and automated testing to exploit vulnerabilities in live systems. While SAST is integrated into development workflows, penetration testing is often conducted post-deployment to assess real-world security. Both roles require security certifications and are vital in securing web applications, but they differ in approach and timing.

What are some common challenges faced by professionals performing SAST (Static Application Security Testing) on web applications?

One common challenge in SAST for web applications is accurately identifying and prioritizing true security vulnerabilities while minimizing false positives, which can be time-consuming. Additionally, integrating SAST tools seamlessly into the development pipeline and ensuring timely feedback to developers can require collaboration across teams. Security testers also need to stay updated on evolving threats and new coding practices, as web application frameworks and technologies frequently change. Effective communication with developers is essential to help them understand and remediate vulnerabilities efficiently.

Web Application Tester

Xtreme Solutions Corporate

MI • On-site

Full-time

Posted 4 days ago


Job description

Description:


Position Summary

The Senior Web Application Penetration Tester performs security assessments of web applications, APIs, mobile applications, and cloud-hosted platforms. This role focuses on identifying application-layer vulnerabilities and validating exploitability. One week engagement.


Key Responsibilities
  • Conduct OWASP Top 10 assessments.
  • Perform authenticated and unauthenticated testing.
  • Assess REST, SOAP, GraphQL, and microservice APIs.
  • Conduct source code reviews when required.
  • Validate remediation efforts.
  • Develop detailed technical findings and risk ratings.
  • Support security architecture reviews.

Requirements:

Required Qualifications
  • Minimum 5 years of application security testing experience.
  • Experience testing:
    • Web applications
    • APIs
    • Mobile applications
    • Cloud-native environments
  • Knowledge of:
    • OWASP ASVS
    • OWASP Top 10
    • Secure SDLC
  • Certification preferred:
    • OSCP
    • eWPT
    • CEH
    • GWAPT
    • CREST CRT

Nice-to-Have
  • Secure coding experience.
  • Experience with SAST/DAST tools.
  • FedRAMP assessment experience.