Lead Application Penetration Tester

OnDefend LLC
Washington, DC Full Time
POSTED ON 3/11/2025 CLOSED ON 4/2/2025

What are the responsibilities and job description for the Lead Application Penetration Tester position at OnDefend LLC?

We are seeking a highly skilled and experienced Lead Application Penetration Tester to join our dynamic team. This role is ideal for someone with a passion for cybersecurity, a deep understanding of application security, and the ability to identify and mitigate vulnerabilities. The successful candidate will play a critical role in ensuring the security of our applications and guiding our security testing and vulnerability triage.
As the lead, you will oversee a comprehensive security assessment of a cloud-native, microservices-based architecture. Your focus will be on web and mobile applications, cloud security testing, adversary emulation, and continuous security posture improvement. You will mentor junior team members and lead the development of security strategies and best practices.
You will leverage your expertise in application security, utilizing tools such as SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis) to perform both static and dynamic source code reviews. Additionally, you will employ threat modeling and threat actor attack pathing to continually validate the effectiveness of the customer’s security controls.
The primary goal is to ensure that the security controls implemented by the organization are functioning as intended. By doing so, you will enhance the overall security defenses and collaborate with global development teams to maintain the ongoing security of the globally adopted application.
Job Description Highlights
Leadership and Mentorship:
  • Lead and mentor a team of penetration testers, providing guidance and support to ensure high-quality security assessments.
Security Testing of Developer Operations and Mobile Apps:
  • Conduct thorough security testing of developer operations and mobile applications (iPhone and Android).
  • Identify security issues and vulnerabilities.
Source Code Reviews:
  • Perform in-depth source code reviews to identify security flaws or weaknesses.
Executing Tests/Assessments and Drafting Reports:
  • Execute detailed assessments and compile findings into reports for further review and action.
  • Conduct comprehensive penetration testing on web and mobile applications to identify security vulnerabilities.
  • Perform secure code reviews to detect and mitigate potential security issues in the source code.
  • Collaborate with development teams to provide actionable recommendations for improving security posture.
  • Develop and maintain security testing methodologies, tools, and scripts.
  • Document and report findings, including risk assessments and remediation strategies.
  • Stay updated with the latest security trends, vulnerabilities, and attack vectors.
  • Assist in the development and implementation of security policies and procedures.
DevOps Engineering:
  • Integrate security practices into the DevOps pipeline to ensure continuous security throughout the development lifecycle.
  • Automate security testing and monitoring within CI/CD pipelines.
  • Collaborate with DevOps teams to implement secure infrastructure and deployment practices.
Offensive Security:
  • Conduct offensive security operations to simulate real-world attacks and assess the effectiveness of security measures.
  • Develop and execute red team exercises to test organizational defenses.
  • Provide insights and recommendations based on offensive security findings to enhance overall security posture.
Strategy Development:
  • Develop and implement security testing strategies and best practices to enhance the organization’s security posture.
Collaboration:
  • Collaborate with global development teams to maintain the ongoing security of the globally adopted application.
Required Skills and Experience:
  • Bachelor’s degree in Computer Science, Software Engineering, or a related field, or equivalent work experience.
  • Professional certifications such as GWAPT (GIAC Web Application Penetration Tester), OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), or similar.
  • 5–7 years of experience in application security testing and source code review, with at least 2 years in a leadership role.
  • Proficiency in multiple programming languages and understanding of secure coding practices.
  • Strong analytical skills and attention to detail for identifying vulnerabilities.
  • Testing Developer Flows and Mobile Apps: Conducts thorough security testing of developer workflows and mobile applications (for both iPhone and Android platforms), identifying security issues and vulnerabilities.
  • Conducting Source Code Reviews: Performs in-depth source code reviews to identify security flaws or weaknesses that could be exploited in software applications.
  • Executing Tests/Assessments and Drafting Reports: Executes detailed assessments and compiles findings into reports for further review and action.
Tools and Technologies:
Experience with tools like Burp Suite Pro, Checkmarx, Corellium, Synopsys, Acunetix, VeraCode, SAST & DAST Tools, Plextrac, Cloud security (AWS / Azure / Oracle), Postman, SmartBear ReadyAPI, SoapUI, and Hashicorp Vault.
This job has expired.