Cyber Security Research Engineer Job Charlotte area,North Carolina USA,IT/Tech

Location: Charlotte, NC
Salary: $60.00 USD Hourly - $65.00 USD Hourly
Description:
Application Penetration Tester

We are not accepting C2C or 1099 arrangements.

Overview

We are seeking an Application Penetration Tester to identify, validate, and exploit security vulnerabilities through hands-on, manual testing across a wide range of application technologies. This role requires deep technical expertise, curiosity, and the ability to go beyond automated tools to uncover meaningful security risks and drive remediation.

You will play a key role in strengthening application security by delivering high-confidence findings, collaborating with development teams, and improving testing methodologies.
Responsibilities

Conduct manual penetration testing across:
- Web applications (browser-based)
- APIs
- Mobile applications
- (Optional) mainframe and thick client applications
Perform authentication, authorization, and business logic testing to identify real-world attack scenarios
Use automated tools to support testing while prioritizing manual techniques for accuracy and depth
Reproduce and validate vulnerabilities, including chained attack paths where applicable
Analyze and triage findings, including filtering false positives from scanning tools
Create clear, reproducible technical reports with:
- Step-by-step reproduction details
- Impacted systems or endpoints
- Risk assessment and business impact
- Practical remediation recommendations
Partner closely with application and security teams to:
- Explain findings
- Prioritize remediation efforts
- Support vulnerability resolution and retesting
Contribute to improving penetration testing practices, tools, and processes
Participate in peer reviews and knowledge sharing across the team
Communicate security risks effectively to both technical and non-technical stakeholders

Minimum Qualifications

2+ years of experience in cybersecurity research or related experience (work, education, or military)
2+ years of hands-on manual application penetration testing experience
2+ years of experience with Dynamic Application Security Testing (DAST) tools, including configuration and validation of findings

Preferred Qualifications

Experience with industry-standard tools such as:
- Burp Suite
- Invicti
- Web Inspect
- Fiddler
Strong understanding of application security concepts and vulnerabilities (e.g., OWASP Top 10)
Experience with scripting or automation (e.g., Python, Shell)
Knowledge of compliance frameworks and standards (e.g., PCI DSS, GDPR)
Familiarity with security risks in AI/ML-enabled applications (e.g., prompt injection, data exposure)
Strong analytical, problem-solving, and communication skills
Ability to collaborate effectively across cross-functional teams
Industry certifications (OSCP, BSCP, GWAPT, GPEN, GXPN, or equivalent)

Work Environment & Logistics

Work Schedule: Monday-Friday (8:00 AM - 5:00 PM, flexible within consistent hours)
Work Model: Hybrid (3 days onsite, 2 days remote)
Locations: Charlotte, NC (primary) and additional hubs including Dallas, Minneapolis, Chandler, Des Moines, Columbus, Raleigh, San Antonio, and Washington, DC
Visa Sponsorship: Not available

By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes.

Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.

Contact:

This job and many more are available through The Judge Group. Please apply with us today!