Get new jobs for this search by email

Application Penetration Tester II – Full-Time | Washington, DC We’re supporting a full-time opening for an experienced Application Penetration Tester to join a fast-paced and mission-driven cybersecurity team that’s helping large organizations proactively reduce risk. This is a hands-on technical role where you'll focus on testing modern web and mobile applications for vulnerabilities, working closely with developers and security teams to help strengthen security across the SDLC. This team places a strong emphasis on continuous learning and innovation. If you’re someone who enjoys diving deep into code, simulating real-world adversary behavior, and helping engineering teams build more secure applications - this could be a great fit. What You'll Be Doing: Leading technical testing of web and mobile applications, including manual penetration testing, vulnerability scanning, and validation of security controls. Performing source code reviews to uncover security flaws and providing consulting support based on your findings. Building out and integrating testing approaches into CI/CD pipelines using both static and dynamic analysis tools. Using adversarial tradecraft and threat intel to model realistic attacks and validate control coverage. Creating clear, actionable reports for both technical and non-technical stakeholders. Helping shape new assessments and internal tooling based on previous test results and evolving needs. Staying sharp by contributing to ongoing research, developing new testing techniques, and continuously leveling up your skill set. What We're Looking For: 3+ years of experience in application security, ideally performing pen tests or secure code reviews. (If you come from a strong software engineering background but have done some hands-on testing, that works too!) Solid foundation in application, infrastructure, and system-level security. Experience working across both Windows and *nix environments. Comfortable reading and writing code across several languages (examples: Python, Java, Bash, C#, etc.). Familiar with tools like Burp Suite Pro and a mix of SAST, DAST, and SCA platforms (e.g., Checkmarx, OWASP ZAP, Fortify, Veracode, etc.). Strong communication skills — both in breaking down findings and collaborating across teams. Bonus Points For: Experience reverse-engineering mobile apps or working through anti-emulator/obfuscation defenses. Background in container or cloud security (Docker, Kubernetes, AWS, Azure, etc.). Industry certifications like OSCP, GWAPT, GPEN, or similar. Public contributions to the community (bug bounties, open-source, research, conference talks, etc.). Familiarity with testing APIs and securing mobile platforms (iOS/Android). Applicants must be authorized to work in the U.S. on a full-time basis — unfortunately, no sponsorship is available at this time. Seniority level Seniority level Mid-Senior level Employment type Employment type Full-time Job function Job function Consulting and Information Technology Industries IT Services and IT Consulting Referrals increase your chances of interviewing at Colossus Technologies Group by 2x Get notified about new Penetration Tester jobs in Washington DC-Baltimore Area . Cybersecurity Engineer/Analyst (Junior Level | 1-2 years exp.) Leesburg, VA $105,000.00-$140,000.00 1 week ago Hagerstown, MD $180,000.00-$230,000.00 1 month ago Cybersecurity Engineer/Analyst (Junior Level | 1-2 years exp.)- Fairfax County Arlington, VA $58,000.00-$78,000.00 1 day ago Washington, DC $110,000.00-$125,000.00 2 weeks ago Arlington, VA $66,000.00-$106,000.00 3 days ago Washington DC-Baltimore Area $60.00-$63.00 1 week ago Washington DC-Baltimore Area $130,000.00-$175,000.00 3 days ago Washington DC-Baltimore Area $145,000.00-$180,000.00 3 days ago Mid-Level Cybersecurity Analyst/Engineer Washington, DC $130,000.00-$180,000.00 1 week ago Washington, DC $120.00-$125.00 1 month ago HVA Assessment Operator / Penetration Tester (AES Certified) 2027452 Cyber Security Engineer $215,000.00 Bethesda, MD $10,000.00-$215,000.00 2 days ago Cybersecurity Engineer/Analyst (Intermediate-Level | 3-4 years exp.) We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI. #J-18808-Ljbffr