Penetration Tester / Application Security Engineer

Mexico, Monterrey 545000.00 USD / Year · Job Posted March 21, 2026

Job Description

We are looking for a skilled Penetration Tester / Application Security Engineer with strong hands-on experience in Kali Linux, Nessus, code review, SAST, and DAST to identify, analyze, and remediate security vulnerabilities across applications, networks, and systems. The role involves conducting security assessments, penetration testing, and collaborating with development teams to strengthen the overall security posture.

Requirements

  • Penetration testing - Kali Linux, Nessus, Code Review, SAST and DAST
  • Perform penetration testing on web applications, APIs, networks, and infrastructure using Kali Linux tools
  • Conduct vulnerability assessments using tools like Nessus and analyze risk levels
  • Perform manual and automated code reviews to identify security flaws and insecure coding practices
  • Execute SAST (Static Application Security Testing) to detect vulnerabilities in source code early in the SDLC
  • Perform DAST (Dynamic Application Security Testing) on running applications to identify runtime vulnerabilities
  • Identify and exploit security weaknesses such as OWASP Top 10 vulnerabilities
  • Document findings, create detailed penetration testing reports, and provide remediation recommendations
  • Work closely with developers, DevOps, and QA teams to fix vulnerabilities and improve secure coding practices
  • Validate fixes through re-testing and regression security testing
  • Support compliance requirements (ISO 27001, SOC 2, PCI-DSS, etc.) where applicable

Similar Jobs for Penetration Tester / Application Security Engineer

8 matching positions

Cyber Security Research Engineer 3 / Application Penetration Tester

In this contingent resource assignment, you may: Consult on or participate in mo...
Location: United States, Charlotte
Salary: Not provided
Company: Apex Systems
Expiration Date: Until further notice
Requirements
  • 2+ years of hands-on application penetration testing experience (manual testing required)
  • Experience with DAST tools and validating/triaging vulnerabilities
  • Strong knowledge of web application security (OWASP Top 10, APIs, authentication/authorization)
Job Responsibility
  • Conduct manual penetration testing of web applications, APIs, and mobile platforms
  • Perform authentication, authorization, and business logic testing
  • Identify, validate, and exploit vulnerabilities beyond automated scanner results
  • Configure and tune DAST tools to enhance testing coverage
  • Use industry tools (Burp Suite, WebInspect, Fiddler, etc.) to support manual testing
  • Triage false positives and validate scan findings
  • Reproduce and demonstrate security vulnerabilities with clear impact
  • Document findings with detailed steps, evidence, and remediation guidance
  • Deliver high-quality reports for both technical and non-technical audiences
  • Partner with development and security teams to drive vulnerability remediation
What we offer
  • Medical
  • Dental
  • Vision
  • Life insurance
  • Disability insurance
  • ESPP (employee stock purchase program)
  • 401K program with company match after 12 months
  • HSA (Health Savings Account on the HDHP plan)
  • SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions
  • Corporate discount savings program
  • Fulltime

Security Engineer / Penetration Tester

Conduct security audits and penetration testing on all web application projects ...
Location: Vietnam, Da Nang
Salary: Not provided
Company: Saigon Technology
Expiration Date: Until further notice
Requirements
  • 1-3 years of experience in application security, penetration testing, or security engineering (Junior to Middle level)
  • Solid understanding of OWASP Top 10 and common web application vulnerabilities (SQLi, XSS, CSRF, SSRF, IDOR, authentication and session flaws, insecure deserialization)
  • Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, Nmap, sqlmap, Metasploit
  • Ability to perform manual penetration testing of web applications and REST APIs (black-box and grey-box)
  • Good understanding of authentication, authorization, encryption (TLS, hashing, JWT), and secure coding principles
  • Ability to write clear, actionable security audit reports in English
  • Strong analytical and problem-solving skills, ownership mindset
Job Responsibility
  • Conduct security audits and penetration testing on all web application projects we are implementing for our clients to ensure no security risks before production release
  • Perform vulnerability assessments, security code reviews, and threat modeling across all client projects
  • Collaborate with development teams to remediate identified security issues and provide secure coding guidance
  • Document findings in detailed security audit reports with reproducible steps and recommended fixes
  • Support manager to build, maintain, and improve internal security testing checklists, tools, and processes
  • Research and keep up-to-date with the latest security threats, CVEs, and best practices
  • Support pre-release security sign-off as part of the production release process
What we offer
  • 13th-month salary, salary review twice/year and project bonus
  • Bonus programs for candidate referral, technical article writing
  • Allowance for sickness, maternity, paternity and periodic health examination
  • PVI health care program
  • The staff of the quarter and year reward
  • A professional English-speaking working environment with Agile – Scrum model
  • Hybrid Working Model: Flexible working time and WFH support
  • Annual company trip and regular team-building parties, party celebration (Christmas, Birthday, Mid-autumn,...), Sports clubs (football, badminton, swimming …)
  • Sponsor examination fee for professional certificates (AWS, Azure, IELTS, PMP, Scrum Master,...)
  • Sponsor fee for joining any technical training sessions and courses
  • Fulltime

Application Security Engineer

We're looking for an intermediate Application Security Engineer to join our Info...
Salary: Not provided
Company: Talent Safari
Expiration Date: Until further notice
Requirements
  • Minimum 3 years in application security, IT security, or software development with a security focus
  • Hands-on experience with penetration testing, vulnerability assessments, and secure code reviews
  • Proven experience with SAST, DAST, and threat modelling frameworks
  • Practical knowledge of secure software development practices (OWASP Top 10, CWE)
  • Hands-on development experience or scripting ability (Python, JavaScript, Bash)
  • Strong understanding of web application security, API security, and cloud security concepts (AWS, Azure, or GCP)
  • Understanding of DevSecOps principles and CI/CD security integration
  • Excellent communication skills with the ability to explain complex security concepts to technical and non-technical audiences
  • Collaborative mindset with the ability to work cross-functionally
Job Responsibility
  • Application Security Testing: Conduct web and mobile application security assessments and API security testing. Perform threat modelling, secure code reviews, and attack surface analysis. Support SAST and DAST initiatives
  • Vulnerability Management: Assist in managing the vulnerability lifecycle. Coordinate internal and external security assessments, ensuring proper scoping and timely delivery. Track and report on remediation progress
  • Secure Development Lifecycle (SDLC) Integration: Ensure secure coding practices are followed. Collaborate with developers, testers, and business analysts to provide proactive security guidance during development sprints. Contribute to security frameworks, checklists, and guidelines (aligned with OWASP, NIST, MITRE). Work on DevSecOps testing and protective controls
  • Incident Response Support: Assist in the investigation and resolution of application security incidents. Contribute to post-incident analysis and implement preventative measures
  • Continuous Improvement & Innovation: Stay informed about cybersecurity trends, emerging threats, and attack vectors. Research and contribute to the implementation of innovative security solutions. Identify process improvements to enhance the efficiency and effectiveness of security assessments
What we offer
  • Competitive compensation package and benefits
  • Stripe Equity compensation
  • Full medical coverage
  • Wellbeing stipend
  • Generous leave and sabbatical policies
  • Hybrid working environment
  • Smart, kind colleagues who’re invested in your growth
  • Fulltime

Staff Application Security Engineer

Braze is seeking a Staff Application Security engineer to join our team. Braze i...
Location: United States, San Francisco
Salary: 189000.00 - 215000.00 USD / Year
Company: Braze
Expiration Date: Until further notice
Requirements
  • 10+ years of experience securing an application at a company at an IC level or higher
  • Demonstrable experience in consistently locating novel security vulnerabilities in web software
  • 5+ years experience conducting penetration tests both as a single tester and on a team
  • 5+ years of experience in application incident response
  • Experience with active testing against AI/LLM integrated web applications and APIs
  • Experience with scripting languages and automation
  • Direct experience in the triage/validation of vulnerabilities in systems they may not be familiar with, and the ability to properly articulate risk and provide accurate mitigation recommendations
  • Ability to read and understand Javascript, Ruby, and Kotlin (Development level proficiency not required)
  • 5+ years of experience as an Application Security leader or sole responsible party
Job Responsibility
  • Work with our existing Application Security team to better protect our production applications and their related application infrastructure
  • Provide expert level guidance to development teams around secure architecture for their systems
  • Be the sole point of technical escalation for complex, large scale software security projects
  • Effectively, accurately, and holistically identify security issues in application architecture, in code, and in application running states
  • Communicate security requirements to developers, technical teams, and non-technical parties
  • Handle complex security incidents and escalations as a technical incident commander
  • Make determinations quickly, accurately, and with a cool head during incidents
What we offer
  • Competitive compensation that may include equity
  • Retirement and Employee Stock Purchase Plans
  • Flexible paid time off
  • Comprehensive benefit plans covering medical, dental, vision, life, and disability
  • Family services that include fertility benefits and equal paid parental leave
  • Professional development supported by formal career pathing, learning platforms, and a yearly learning stipend
  • A curated in-office employee experience, designed to foster community, team connections, and innovation
  • Opportunities to give back to your community, including an annual company-wide Volunteer Week and donation matching
  • Employee Resource Groups that provide supportive communities within Braze
  • Fulltime

Staff Application Security Engineer

Braze is seeking a Staff Application Security engineer to join our team. Braze i...
Location: United States, Austin
Salary: 189000.00 - 215000.00 USD / Year
Company: Braze
Expiration Date: Until further notice
Requirements
  • 10+ years of experience securing an application at a company at an IC level or higher
  • Demonstrable experience in consistently locating novel security vulnerabilities in web software
  • 5+ years experience conducting penetration tests both as a single tester and on a team
  • 5+ years of experience in application incident response
  • Experience with active testing against AI/LLM integrated web applications and APIs
  • Experience with scripting languages and automation
  • Direct experience in the triage/validation of vulnerabilities in systems they may not be familiar with, and the ability to properly articulate risk and provide accurate mitigation recommendations
  • Ability to read and understand Javascript, Ruby, and Kotlin (Development level proficiency not required)
  • 5+ years of experience as an Application Security leader or sole responsible party
Job Responsibility
  • Work with our existing Application Security team to better protect our production applications and their related application infrastructure
  • Provide expert level guidance to development teams around secure architecture for their systems
  • Be the sole point of technical escalation for complex, large scale software security projects
  • Effectively, accurately, and holistically identify security issues in application architecture, in code, and in application running states
  • Communicate security requirements to developers, technical teams, and non-technical parties
  • Ensure security in the development cycle while simultaneously creating a condition where technical teams are not burdened by controls
  • Handle complex security incidents and escalations as a technical incident commander
  • Make determinations quickly, accurately, and with a cool head during incidents
  • Process several simultaneous technical and administrative inputs while consistently working towards clear goals for remediation and containment
What we offer
  • Competitive compensation that may include equity
  • Retirement and Employee Stock Purchase Plans
  • Flexible paid time off
  • Comprehensive benefit plans covering medical, dental, vision, life, and disability
  • Family services that include fertility benefits and equal paid parental leave
  • Professional development supported by formal career pathing, learning platforms, and a yearly learning stipend
  • A curated in-office employee experience, designed to foster community, team connections, and innovation
  • Opportunities to give back to your community, including an annual company-wide Volunteer Week and donation matching
  • Employee Resource Groups that provide supportive communities within Braze
  • Fulltime

Staff Application Security Engineer

Braze is seeking a Staff Application Security engineer to join our team. Braze i...
Location: United States, Chicago
Salary: 189000.00 - 215000.00 USD / Year
Company: Braze
Expiration Date: Until further notice
Requirements
  • 10+ years of experience securing an application at a company at an IC level or higher
  • Demonstrable experience in consistently locating novel security vulnerabilities in web software
  • 5+ years experience conducting penetration tests both as a single tester and on a team
  • 5+ years of experience in application incident response
  • Experience with active testing against AI/LLM integrated web applications and APIs
  • Experience with scripting languages and automation
  • Direct experience in the triage/validation of vulnerabilities in systems they may not be familiar with, and the ability to properly articulate risk and provide accurate mitigation recommendations
  • Ability to read and understand Javascript, Ruby, and Kotlin (Development level proficiency not required)
  • 5+ years of experience as an Application Security leader or sole responsible party
Job Responsibility
  • Work with our existing Application Security team to better protect our production applications and their related application infrastructure
  • Provide expert level guidance to development teams around secure architecture for their systems
  • Be the sole point of technical escalation for complex, large scale software security projects
  • Effectively, accurately, and holistically identify security issues in application architecture, in code, and in application running states
  • Communicate security requirements to developers, technical teams, and non-technical parties
  • Handle complex security incidents and escalations as a technical incident commander
  • Make determinations quickly, accurately, and with a cool head during incidents
What we offer
  • Competitive compensation that may include equity
  • Retirement and Employee Stock Purchase Plans
  • Flexible paid time off
  • Comprehensive benefit plans covering medical, dental, vision, life, and disability
  • Family services that include fertility benefits and equal paid parental leave
  • Professional development supported by formal career pathing, learning platforms, and a yearly learning stipend
  • A curated in-office employee experience, designed to foster community, team connections, and innovation
  • Opportunities to give back to your community, including an annual company-wide Volunteer Week and donation matching
  • Employee Resource Groups that provide supportive communities within Braze
  • Fulltime

Application Penetration Tester

We are looking for security engineer who loves solving interesting problems and ...
Location: Poland, Warszawa
Salary: Not provided
Company: Robert Bosch Sp. z o.o.
Expiration Date: Until further notice
Requirements
  • Minimum 5 years of combined experience in penetration testing and security engineering roles
  • Professional certifications such as OSCP, CEH, CISSP, CISM, or equivalent
  • Advanced level of understanding of OWASP Top 10, CVE, general security controls, and other foundational topics such as the latest web application system exploits
  • Attacker mindset for breaking the websites with practical knowledge of OWASP
  • Commanding knowledge of VAPT concepts and best practices, including the requirements for WhiteHat/ethical hacking
  • Expert understanding of the difference between a vulnerability assessment and a penetration test in the context of assessment scope, objectives, and deliverables
  • In depth experience with common automated VAPT tools such as Nessus, Burp Suite
  • Proficiency with other common attack tools and frameworks such as Wireshark, Kali, Metasploit, etc.
  • Working knowledge of DevSecOps, CIS Security benchmarks, scripting languages (Python, PowerShell, Bash) for automation
  • Fluent English (both verbal and written)
Job Responsibility
  • Perform black-box and grey-box penetration tests of applications
  • Security testing including reverse engineering of Mobile applications (Android and iOS)
  • Create innovative attack tools/automations for project-specific needs
  • Communicate complex vulnerability results to technical and non-technical audiences
  • Perform research and contribute to open-source community on new attack methodology, vulnerability findings
  • Scope penetration tests and contribute to penetration test project management
What we offer
  • Competitive salary + annual bonus
  • Hybrid work with flexible working hours
  • Referral Bonus Program
  • Copyright costs for IT employees
  • Private medical care and life insurance
  • Cafeteria System with multiple benefits (incl. MultiSport, shopping vouchers, cinema tickets, etc.)
  • Prepaid Lunch Card
  • Number of benefits for families (for instance summer camps for kids)
  • Non-working day on the 31st of December
  • Fulltime

Cyber Engineer and Penetration Tester

This Cyber Security Project Engineer will provide highly technical and in-depth ...
Location: United States, Herndon
Salary: Not provided
Company: Leading Path Consulting
Expiration Date: Until further notice
Requirements
  • Demonstrated work experience in cyber security or related IT field
  • Demonstrated experience with cyber penetration testing
  • Demonstrated experience leveraging adversarial tactics to conduct hands-on security testing
  • Demonstrated experience applying computer attack methods and system exploitation techniques
  • Demonstrated working knowledge of cyber security principles for Linux, Windows, and virtual platforms
  • Demonstrated experience designing, testing, or implementing IT security architecture
  • Demonstrated experience performing network security analysis
  • Demonstrated experience analyzing network architectures
  • Demonstrated experience using network management tools
  • Demonstrated experience developing risk management methodologies
Job Responsibility
  • Document all identified system risks, planned test procedures, and results
  • Perform analyses of vulnerabilities identified during testing
  • Review program-level documentation such as requirements specification, system architecture, design documents, test plans, and security plans
  • Create and document penetration testing plans and procedures
  • Conduct hands-on penetration testing by leveraging approved testing plans and procedures
  • Analyze penetration test results, document risks, and recommend countermeasures to uncovered risks
  • Participate or lead technical exchange meetings and application review boards
  • Document action items and results from technical exchange meetings and application review boards
  • Brief management on the status of action items and results of activities
What we offer
  • Vacation – 5 weeks of accrued paid vacation per year (i.e., 8.33 hours accrued per pay period worked)
  • Holidays - Paid holidays published annually by the Office of Personnel Management, excluding Inauguration Day
  • 100% paid for Health Benefits* (United Healthcare, Guardian Dental, VSP Vision, MetLife, Life and Disability Insurance and annual $1500 employer HSA contribution on qualified plans) *health benefits kick in the 1st of the month following your start date
  • 6% 401k Contribution (3% paid out during each pay period, the additional 3% will be paid out as a lump sum in Q1 each year)
  • Training Reimbursement – Approved training and education expenses will be reimbursed
  • Travel Expenses – Approved travel expenses will be reimbursed
  • Fulltime