Senior|Lead API Pen Tester (remote contract) Apply
We are seeking a highly skilled and experienced Senior Penetration Tester specializing in APIs to join our project team. In this critical role, you will lead an effort test hundreds of API s for our client.
The ideal candidate will have a strong background in cybersecurity, with specific expertise in conducting advanced penetration tests on web services and APIs to identify vulnerabilities and security flaws. This role involves working closely with our development and security teams to enhance the security posture of our APIs and ensure the protection of our data and systems.
Location: 100% Remote/Continental US
This is a contact job expected to last at least 1 year and paying around $75-80/hr W2.
What You Will Do:
- Conduct comprehensive penetration tests on APIs, including RESTful and SOAP services, to identify vulnerabilities such as injection attacks, broken authentication, security misconfigurations, and data exposure.
- Develop and execute sophisticated testing strategies, scripts, and procedures for APIs, considering authentication, encryption, and access control mechanisms.
- Collaborate with development teams to provide guidance on how to secure APIs against common security threats and vulnerabilities identified during testing.
- Perform threat modeling and risk assessments for APIs to prioritize security issues based on potential impact.
- Stay up-to-date with the latest API security threats, vulnerabilities, and testing tools; incorporate this knowledge into penetration testing practices.
- Document findings from penetration tests, providing detailed technical reports and executive summaries that outline identified vulnerabilities, the potential impact, and recommended remediation strategies.
- Participate in the development and refinement of API security policies, standards, and guidelines to improve overall security posture.
- Mentor junior penetration testers and security team members, sharing knowledge and promoting best practices in API security.
- Work with security incident response teams to investigate and respond to security incidents involving APIs, as needed.
What Gets You The Job:
- Bachelor s or Master s degree in Computer Science, Information Security, or a related field.
- Professional certifications such as OSCP (Offensive Security Certified Professional), GWAPT (GIAC Web Application Penetration Tester), or equivalent are highly desirable.
- Minimum of 5 years of experience in cybersecurity, with at least 3 years focused on penetration testing and API security.
- Strong understanding of API technologies (REST, SOAP, GraphQL) and security standards (OAuth, OpenID Connect, JWT).
- Proficient in using penetration testing tools and frameworks (such as Burp Suite, Postman, OWASP ZAP) specifically for API testing.
- Knowledge of programming and scripting languages (e.g., Python, JavaScript) is advantageous for developing custom testing scripts and tools.
- Excellent problem-solving skills, with the ability to think creatively about complex security challenges.
- Strong communication skills, with the ability to translate technical vulnerabilities into business risk terminology for stakeholders.
Irvine Technology Corporation (ITC) is a leading provider of technology and staffing solutions for IT, Security, Engineering, and Interactive Design disciplines servicing startups to enterprise clients, nationally. We pride ourselves in the ability to introduce you to our intimate network of business and technology leaders bringing you opportunity coupled with personal growth, and professional development! Join us. Let us catapult your career!
Irvine Technology Corporation provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Irvine Technology Corporation complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
