[Hiring] Web Application Penetration Tester @KirkpatrickPrice

Role Description

KirkpatrickPrice is seeking a Penetration Tester who enjoys teaching as much as testing. We’re a security partner to companies new to the need for penetration testing. Our clients need security experts who are experienced, patient, and communicate well, to help them discover vulnerabilities and teach them how to strengthen their defenses. We love empowering and inspiring our clients to effectively protect their most sensitive data.

This particular position requires strong experience testing web applications, while also supporting network, mobile application, and emerging AI security assessments.

• Hands-on web application testing experience.
• Possess the GWAPT, PWPA or equivalent penetration testing certifications.
• Ability and desire to teach and mentor.
• Experience testing mobile applications, APIs, cloud environments, and AI-enabled applications or large language model (LLM) integrations.
• Experience with web development, app development, and evaluating the OWASP Top 10, OWASP Mobile Top 10, and broader OWASP testing methodologies.

Qualifications

• Possess an extreme level of integrity.
• Apply diligence to the project to benefit the client.
• Passionate about teaching clients applicable cybersecurity concepts.
• Strong desire to contribute to and learn from an open and collaborative team.
• Able to communicate complex technical issues clearly to both technical and non-technical audiences.

Requirements

• Skillful in analyzing a company’s defenses and designing an effective attack plan.
• Capable of understanding and interpreting a wide range of business environments including financial services, healthcare, technology providers, retail, and SaaS environments.
• Strong experience performing web application penetration testing, with additional experience testing internal and external network infrastructure.
• Experience performing iOS and Android mobile application penetration testing in alignment with methodologies such as the OWASP Mobile Application Security Testing Guide (MASTG) and OWASP Mobile Top 10.
• Familiarity with AI and LLM security testing concepts such as prompt injection, insecure plugin or agent functionality, data exposure risks, authorization weaknesses, and abuse of AI integrated business workflows.
• Knowledge of and ability to operate within major cloud environments such as Azure, AWS, and Google Cloud.
• Ability to understand client needs and present remediation guidance in a collaborative and approachable manner.
• Hold certifications relevant to the requirements detailed above.

Benefits

• Energetic about working in a small company environment and contributing to KirkpatrickPrice’s growth.
• Efficient with the latest penetration testing tools, techniques, and exploits.
• Passionate about continuous research and improving technical tradecraft.
• Excited to collaborate closely with colleagues across the penetration testing team.
• Must detest a daily commute to an office; virtual office experience is essential.
• Must reside near our clients, which means anywhere in America.