
Senior Web and Mobile Application Penetration Tester

Full-Time or Contract

New Gloucester, ME, Remote, or Hybrid

About the Role

We are seeking an experienced and highly skilled Web and Mobile Application Penetration Tester to join our cybersecurity team.

In this role, you will be responsible for conducting advanced security assessments of web and mobile applications, identifying vulnerabilities, and providing actionable remediation guidance to clients.

Responsibilities

  • Perform manual and automated penetration tests on web and mobile (iOS/Android) applications.
  • Identify, exploit, and document vulnerabilities in line with OWASP Top 10, OWASP MASVS, and other relevant security standards.
  • Simulate real-world attacks to assess application and API security posture.
  • Produce detailed and executive-level reports with clear risk ratings and remediation steps for clients.
  • Validate fixes for previously identified vulnerabilities and regression-test for related issues.
  • Stay current on the latest attack techniques, vulnerabilities, and industry trends.

Qualifications

  • 3–5+ years of hands-on experience in penetration testing, with a strong focus on web and mobile applications.
  • Expertise in OWASP Top 10, OWASP MASVS, and common API vulnerabilities.
  • Proficient in tools such as Burp Suite, OWASP ZAP, MobSF, Postman, and others.
  • Experience in reverse engineering mobile applications, including analyzing APKs/IPAs and bypassing root/jailbreak detection.
  • Solid understanding of authentication mechanisms (OAuth2, JWT, SSO), session management, encryption, and secure coding practices.
  • Familiarity with CI/CD pipelines and integration of security testing tools.
  • Strong report writing skills, with the ability to communicate technical details clearly to both technical and non-technical audiences.

Nice-to-Haves

  • Certifications such as OSCP, OSEP, OSWA, OSWE, HTB CWES, GMOB, or GWAPT.
  • Experience testing and remediating a variety of web/mobile application stacks.
  • Experience testing cloud security (AWS, GCP, or Azure).
  • Experience with scripting and automation (PowerShell, Bash, Python).
  • Understanding of regulatory and compliance requirements (PCI DSS, HIPAA, GDPR, etc.).

About Deer Brook

Deer Brook Consulting is a trusted partner in information security, privacy, and technology. At the crossroads of business, cyber, and IT, we specialize in empowering organizations to achieve their goals faster and more effectively. Whether our customers are in Higher Education, Government Services, Banking and Finance, or need support with Cyber Security, DIB, CMMC, or DFARS Compliance, we provide solutions tailored specifically for their needs.

Equal Opportunity Employer Statement

Deer Brook is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, veteran status, or any other status protected by applicable law.

Apply Now

Ready to apply?

Send your resume directly to our team now at careers@deer-brook.com.