MatchPoint Solutions is a fast-growing, young, energetic, global IT-Engineering services company with clients across the US. We provide technology solutions to various clients like Uber, Robinhood, Netflix, Airbnb, Google, Sephora, and more! More recently, we have expanded to working internationally in Canada, China, Ireland, UK, Brazil, and India. Through our culture of innovation, we inspire, build, and deliver business results from idea to outcome. We keep our clients on the cutting edge of the latest technologies and provide solutions by using industry-specific best practices and expertise.
We are excited to be continuously expanding our team. If you are interested in this position, please send over your updated resume. We look forward to hearing from you!
Job Description
Position: Senior Web Application Penetration Tester Cybersecurity
Location: Remote - Working PST hours; candidates located in PST are HIGHLY preferred
Contract: 12 months
Rate: $85 to $90/hr on W2
The Senior Web Application Penetration Tester is responsible for identifying security vulnerabilities in internally developed and third-party web applications used across the Utility. This role focuses exclusively on application-layer security testing, helping ensure that customer-facing and internal web applications are resilient against real-world threats. The position works closely with application development, cloud, and security teams to reduce risk and improve secure development practices.
Key Responsibilities
Web Application & API Penetration Testing
- Conduct manual and automated penetration testing of web applications and RESTful APIs
- Identify and exploit common and advanced web vulnerabilities (e.g., OWASP Top 10, business logic flaws)
- Test authentication, authorization, session management, and access controls
- Perform API security testing, including authorization bypass, mass assignment, and input validation flaws
- Assess application security across development, test, and production environments (as authorized)
Secure SDLC & Collaboration
- Partner with application development and DevSecOps teams to integrate security testing into the SDLC
- Provide guidance on secure coding practices and vulnerability remediation
- Support threat modeling and design reviews for new or enhanced applications
Reporting & Risk Communication
- Produce detailed penetration test reports with clear reproduction steps and remediation recommendations
- Communicate risk in business-appropriate language for technical and non-technical stakeholders
- Validate remediation through follow-up testing and re-assessments
Tools & Techniques
- Use industry-standard tools such as Burp Suite, OWASP ZAP, Postman, and custom scripts
- Leverage manual testing techniques to identify business logic and workflow vulnerabilities
- Stay current on emerging web application attack techniques and defenses
Required Qualifications
- 6 years of cybersecurity experience with a strong focus on web application penetration testing
- Demonstrated experience testing modern web applications and APIs
- Strong understanding of HTTP/S, REST, JSON, authentication mechanisms, and web architectures
- Proficiency with tools such as Burp Suite Pro and API testing tools
- Working knowledge of at least one scripting or programming language (e.g., Python, JavaScript, or PowerShell)
- Strong written and verbal communication skills
Preferred Qualifications
- Experience testing customer-facing applications in regulated environments
- Familiarity with cloud-hosted applications and CI/CD pipelines
- Knowledge of OWASP ASVS, SAMM, or similar application security standards
- Certifications such as OSCP, GWAPT, OSWE, or similar
MatchPoint Solutions provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.