Expires on November 26, 2025
ZeroPath is seeking candidates with hands-on experience in web application security to support our penetration testing engagements. These are short-term engagements that combine automated scanning, manual code review, and dynamic testing. Contractors will validate vulnerabilities, deliver client-ready reports, and assist with re-testing after remediation.
Details
- The position is a part-time, remote and flexible contractor role.
- Hours will vary depending on workload, typically averaging 10–30 hours per week.
- Core work: triage findings from ZeroPath’s in-house SAST scanner, perform dynamic penetration testing, and conduct security-focused manual source code reviews.
- Deliverables include clear, professional penetration test reports and re-test confirmations after remediation.
Basic Qualifications
- Hands-on experience performing dynamic pentesting of web apps and APIs, covering authentication, input validation & injection, and access control
- Proven ability to conduct manual source code reviews for security vulnerabilities in web applications.
- Solid grasp of the OWASP Top 10 and practical remediation guidance.
- Familiarity with common vulnerability classes and PoCs (e.g., SQLi, XSS, SSTI, deserialization, IDOR, SSRF)
- Strong technical writing: vulnerability details, proofs of concept, and actionable remediation guidance for mixed audiences.
- Professionalism with client deliverables, deadlines, and confidentiality
- No specific school year requirement – open to all students and recent graduates
Preferred Qualifications (Nice to have)
- Proven impact in bug bounty programs (e.g., HackerOne, Bugcrowd)
- Public recognition in vendor or industry “Security Hall of Fame” acknowledgments, credits in security advisories, or published CVEs.
- CTF achievements (notable placements/solve experience in Web)
- Certifications: OSWE, OSCP, OSCE3, OSEP, OSED, GWAPT, GPEN
- Open-source/security community engagement: conference talks, blog posts, or contributions to security tooling.
This position is open to US-based students and recent graduates with US work authorization.