Strategic Staffing Solutions is hiring: Penetration Tester in Denver

Penetration Tester

This is a Contract Opportunity with our company that MUST be worked on a W2 Only. No C2C eligibility for this position. Visa Sponsorship is Available! The details are below.

Beware of scams. S3 never asks for money during its onboarding process.

Onsite Work

We are seeking an experienced Penetration Tester to conduct comprehensive security assessments of enterprise web applications. This role focuses on identifying exploitable vulnerabilities, validating the effectiveness of existing security controls, and delivering actionable remediation guidance to strengthen the organization’s application security posture within a regulated financial services environment.

The ideal candidate combines strong hands‑on technical testing skills with the ability to clearly communicate risk to both technical and executive stakeholders.

Scope of Work

• Perform scoped penetration testing on designated web applications and supporting components.
• Identify, validate, and exploit vulnerabilities across:
• Authentication and authorization mechanisms
• Input validation and data handling
• Session management
• API endpoints and third‑party integrations
• Business logic and workflow flaws
• Assess applications against OWASP Top 10 and other applicable security standards and best practiceSalternatives.
• Conduct manual penetration testing, supplemented by automated tooling where appropriate.
• Analyze and prioritize findings based on impact, exploitability, and likelihood, aligned with Western Union risk rating methodologies.
• Collaborate with application, security, and engineering teams to clarify findings and remediation approaches.

Reporting & Documentation

• Produce comprehensive penetration testing reports that include:
• Executive‑level summary of risk and exposure
• Detailed technical findings with clear reproduction steps
• Proof‑of‑concept exploits or attack paths
• Practical, prioritized remediation recommendations
• Communicate results effectively to both technical and non‑technical audiences.

Required Qualifications

• Proven experience conducting web application penetration testing in enterprise or regulated environments.
• Strong working knowledge of:
• OWASP Top 10
• Business logic vulnerabilities, particularly within financial services applications
• Familiarity with secure coding practices and modern web frameworks.
• Proficiency with industry‑standard penetration testing tools, including:
• Burp Suite
• OWASP ZAP
• Similar web application security testing tools
• Demonstrated ability to produce clear, actionable security reports tailored to diverse audiences.
• Formal vulnerability assessment report with severity ratings and risk prioritization
• Retesting and validation following remediation to confirm closure of identified issues

Seniority Level

Mid‑Senior level

Employment Type

Contract

Job Function

Information Technology

Industries

IT Services and IT Consulting, IT System Testing and Evaluation, and IT System Operations and Maintenance