Crux Security · Application Penetration Tester · Remote · Full time

We are seeking an experienced Senior Application Penetration Tester to conduct in-depth security assessments of web, mobile, and cloud-based applications. You will play a key role in identifying vulnerabilities, simulating real-world attacks, and providing actionable remediation guidance to improve security posture.

About Crux Security

Crux Security is a comprehensive cybersecurity firm that blends GRC SaaS solutions with high-touch security services to help businesses build and manage effective security programs. Headquartered in Austin, TX, we work across industries—including finance, healthcare, defense, and technology—to provide risk advisory, application and network pen testing, security training, and fractional CISO services. Our Crux Platform simplifies security program development, offering automated tools, compliance tracking, and policy management, ensuring companies can confidently demonstrate and maintain their security posture.



Key Responsibilities

  • Conduct manual and automated penetration tests on web, mobile, and API-based applications.
  • Identify, exploit, and document vulnerabilities following OWASP, MITRE ATT&CK, and industry best practices.
  • Utilize common security tools (Burp Suite, Metasploit, Kali Linux, ZAP, etc.) and custom scripts to assess application security.
  • Perform source code reviews and security assessments of application architectures.
  • Simulate real-world attack scenarios and assess business risks.
  • Provide detailed reports with clear remediation guidance for development and security teams.
  • Collaborate with developers, DevOps, and security engineers to integrate security into the SDLC.
  • Stay up to date on emerging threats, zero-day vulnerabilities, and security trends.


Required Qualifications

  • 8+ years of hands-on experience in application penetration testing and security assessments.
  • Deep background in software development.
  • Expert knowledge of the OWASP Top 10, the CWE Top 25 (formerly the CWE/SANS Top 25), CWE, and the NIST frameworks.
  • Proficiency with tools like Burp Suite, Metasploit, Nmap, Kali Linux, ZAP, SQLmap, etc.
  • Strong understanding of web technologies (HTTP, REST APIs, GraphQL, WebSockets, etc.).
  • Experience testing mobile applications (iOS & Android), including reverse engineering and dynamic analysis.
  • Familiarity with cloud security (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes).
  • Ability to write and understand exploits, scripts, and automation tools in Python, Bash, or PowerShell.
  • Exceptional English (native), presentation, report-writing, and executive advisory skills.


Preferred Qualifications

  • Relevant certifications such as OSCP, OSWE, GWAPT, GPEN, or CISSP.
  • Experience in red teaming, threat modeling, and adversary simulation.
  • Familiarity with CI/CD security tools and DevSecOps practices.
  • Background in secure coding and software development.


Why Join Us?

  • Fully remote with flexible working hours.
  • Competitive salary and bonus incentives.
  • Continuous training and certification reimbursement.
  • Work on diverse projects across multiple industries.
  • Collaborative and innovative security team culture.


Direct Applicants Only – No Staffing Agencies or Third-Party Recruiters


We are not accepting solicitations from staffing agencies, recruiting firms, or third-party vendors for this position. Any unsolicited resumes or candidate submissions from such entities will not be considered, and we will not be responsible for any associated fees. Thank you for respecting this policy.