Penetration Tester

aap3, Houston, Texas, United States

We are seeking a highly skilled Part-Time Penetration Tester with deep expertise in Burp Suite to support our security assessment initiatives. This role is ideal for an experienced, detail-oriented security professional who excels at identifying, analyzing, and exploiting web application vulnerabilities. You will work closely with our IT and security teams to ensure our systems remain secure and compliant with industry best practices.

Key Responsibilities

- Perform manual and automated web application penetration tests with a strong emphasis on Burp Suite tools, extensions, and methodologies.
- Identify, exploit, and document vulnerabilities including but not limited to authentication flaws, injection attacks, authorization issues, and business logic weaknesses.
- Capture, analyze, and manipulate web traffic using Burp Suite’s Proxy, Intruder, Repeater, Decoder, and Sequencer.
- Conduct vulnerability validation and false-positive analysis on findings from scanning tools.
- Develop clear, actionable remediation recommendations and deliver detailed reports.
- Collaborate with internal teams to clarify technical details and support remediation validation efforts.
- Stay current with emerging exploits, application security trends, and Burp Suite extensions.

Required Qualifications

- 3+ years of hands-on penetration testing experience, specifically focused on web applications.
- Expert-level proficiency with Burp Suite Professional, including advanced features (Intruder payloads, macros, custom extensions, engagement tools, etc.).
- Strong understanding of OWASP Top 10 vulnerabilities, secure coding concepts, and common attack patterns.
- Experience with HTTP/S protocols, API testing, session analysis, and authentication testing.
- Ability to produce concise, high-quality technical reports.
- Strong analytical and problem-solving skills with attention to detail.
- Ability to work independently with minimal supervision.

Preferred Qualifications

- Relevant certifications such as OSCP, OSWE, GPEN, GWAPT, or similar.
- Experience with scripting or automation (Python, Bash, PowerShell).
- Familiarity with additional security tools (Nmap, SQLMap, Burp extensions, ZAP, etc.).
- Experience testing API-based platforms or cloud-native applications.