Tanisha Systems, Inc
Penetration Testing Engineer
Tanisha Systems, Inc, Charlotte, North Carolina, United States, 28245
Cybersecurity Penetration Testing Engineer – Application & API Security
Location – preferably in Charlotte, NC
Must have - Expertise in Burp Suite, API testing and Penetration Testing
Job Summary –
The Penetration Testing Engineer will be responsible for conducting in-depth web application, mobile application, and API security testing across business-critical platforms. The role requires hands‑on expertise in Burp Suite, a deep understanding of offensive security methodologies, and the ability to identify, exploit, and document security vulnerabilities. The engineer will work closely with development, DevSecOps, and risk teams to ensure secure SDLC practices and support remediation of discovered vulnerabilities.
Years of experience needed –
5–8 years of total experience in application or API penetration testing, with at least 3 years in hands‑on offensive testing.
Key Responsibilities
Penetration Testing & Vulnerability Assessment
Perform manual and automated penetration testing on web, mobile, and API endpoints.
Use Burp Suite Professional extensively for intercepting, modifying, and exploiting HTTP/S traffic.
Conduct source code‑assisted testing when applicable to identify deeper logic flaws.
Simulate real‑world attack scenarios using the OWASP Top 10, SANS 25, and API Security Top 10 frameworks.
Identify authentication, authorization, session management, and input validation flaws.
API Security Testing
Perform REST and GraphQL API penetration testing, including JWT, OAuth, and token manipulation.
Validate business logic vulnerabilities and parameter tampering across microservices.
Use tools such as Postman, Burp Suite, and OWASP ZAP for fuzzing, interception, and payload injection.
Validate API schema misconfigurations, rate limiting, and data exposure issues.
Offensive Security & Exploitation
Execute custom payloads and exploits to demonstrate risk severity to stakeholders.
Develop proof‑of‑concept (PoC) exploits to validate identified vulnerabilities.
Emulate attacker tactics, techniques, and procedures (TTPs) from MITRE ATT&CK and CWE references.
Perform targeted assessments on authentication bypass, privilege escalation, and input deserialization.
Reporting & Remediation Support
Document detailed findings, reproduction steps, impact analysis, and mitigation recommendations.
Collaborate with developers and DevSecOps teams to ensure timely patching and secure code fixes.
Participate in vulnerability triage and retesting post‑remediation.
Present reports to technical and management stakeholders in clear, risk‑prioritized language.
Security Process & Continuous Improvement
Integrate testing results into CI/CD pipelines where possible (DevSecOps enablement).
Contribute to secure coding guidelines and training sessions for developers.
Evaluate emerging attack trends, new CVEs, and offensive security tools to keep the testing framework current.
Assist in developing internal scripts, extensions, or automation workflows for testing efficiency.
Technical Skills
Burp Suite Professional – expert‑level usage (Intruder, Repeater, Decoder, Extender).
Familiarity with OWASP ZAP, Nmap, Metasploit, SQLmap, DirBuster, Hydra, and Ffuf.
Deep understanding of OWASP Top 10 (Web & API) and CWE Top 25 vulnerabilities.
Strong ability to identify and exploit logic‑based and authentication‑related flaws.
Programming & Scripting
Experience writing small custom scripts or Burp extensions for advanced payloads.
Understanding of HTTP/HTTPS, REST, GraphQL, JSON, and XML protocols and data formats.
Offensive Security
Practical experience in vulnerability exploitation, reverse engineering, or red team engagements.
Familiarity with exploit development frameworks and C2 tools (Cobalt Strike, Empire) is a plus.
Ability to simulate APT‑style threat actor behavior and persistence mechanisms.
API / Cloud Security (Preferred)
Knowledge of API gateways (Kong, Apigee) and microservices architectures.
Awareness of cloud‑native security testing (AWS, Azure, GCP) and container security (Docker/Kubernetes).
Qualifications
Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
5–8 years of total experience in application or API penetration testing, with at least 3 years in hands‑on offensive testing.
Strong report writing and presentation skills for both technical and non‑technical audiences.
Preferred Certifications:
Seniority level Mid‑Senior level
Employment type Contract
Job function Engineering and Information Technology
Industries IT Services and IT Consulting