top of page

Senior Web and Mobile Application Penetration Tester

Full-Time or Contract

New Gloucester, ME, Remote, or Hybrid

About the Role

We are seeking an experienced and highly skilled Web and Mobile Application Penetration Tester to join our cybersecurity team.

 

In this role, you will be responsible for conducting advanced security assessments of web and mobile applications, identifying vulnerabilities, and providing actionable remediation guidance to clients.  

What You'll Do

  • Perform manual and automated penetration tests on web and mobile (iOS/Android) applications.

  • Identify, exploit, and document vulnerabilities in line with OWASP Top 10, OWASP MASVS, and other relevant security standards.

  • Simulate real-world attacks to assess application and API security posture.

  • Produce detailed and executive-level reports with clear risk ratings and remediation steps for clients.

  • Validate fixes for previously identified vulnerabilities and regress test for related issues.

  • Stay current on the latest attack techniques, vulnerabilities, and industry trends.

What We're Looking For

  • 3–5+ years of hands-on experience in penetration testing, with a strong focus on web and mobile applications.

  • Expertise in OWASP Top 10, OWASP MASVS, and common API vulnerabilities.

  • Proficient in tools such as Burp Suite, OWASP ZAP, MobSF, Postman, and others.

  • Experience in reverse engineering mobile applications, including analyzing APKs/IPAs and bypassing root/jailbreak detection.

  • Solid understanding of authentication mechanisms (OAuth2, JWT, SSO), session management, encryption, and secure coding practices.

  • Familiarity with CI/CD pipelines and integration of security testing tools.

  • Strong report writing skills, with the ability to communicate technical details clearly to both technical and non-technical audiences.

Preferred Qualifications

  • Certifications such as OSCP, OSEP, OSWA, OSWE, HTB CWES, GMOB, or GWAPT.

  • Experience testing and remediating a variety of web/mobile application stacks.

  • Experience testing cloud security (AWS, GCP, or Azure).

  • Experience with scripting and automation (Powershell, Bash, Python).

  • Understanding of regulatory and compliance requirements (PCI-DSS, HIPAA, GDPR, etc.).

Why Join Us?

  • We offer a competitive salary, plus performance bonuses.

  • Our work arrangements are flexible and a blend of remote and hybrid.

  •  We set aside a budget for learning & development, allowing you opportunities to earn certifications and undergo additional training.

  • We pride ourselves of our collaborative and security-first culture.

  • You will have an exciting opportunity to work on cutting-edge technology stacks and security challenges.

About Deer Brook

Apply Now

Ready to apply?

 

Send your resume directly to our team now at careers@deer-brook.com.

A diamond shape
A decorative diamond shape
bottom of page