Senior Web Application Penetration Tester

SIXGEN ’s mission is to deliver agile, mission-ready cybersecurity solutions that empower government and critical infrastructure organizations to stay ahead of advanced cyber threats. We combine innovation, deep expertise, and cutting-edge capabilities to uncover vulnerabilities, protect vital systems, and ensure operational superiority in an ever-evolving digital landscape. Position: Senior Web Application Penetration Tester Job Type: Full Time Location: Remote. Proximity to Maryland or Virginia is a plus, but not required Clearance Requirements: Secret Travel: Up to 10% ABOUT THE TEAM SIXGEN supports cyber and intelligence missions by serving government and commercial organizations as they overcome global cybersecurity challenges. You’ll work with our highly skilled operators conducting research and assessments based on real-world threats. You’ll simulate adversaries and malicious actors and report details and actionable findings on critical assets and infrastructures. Using innovative processes, tools, and techniques, you’ll predict and overcome cybersecurity vulnerabilities. Your successes will be supported by our diverse team of experienced, technical talent. WHAT YOU’LL DO Perform comprehensive penetration testing of web applications to identify vulnerabilities such as SQL injection, cross-site scripting (XSS), authentication flaws, and insecure APIs. Use a combination of manual testing techniques and automated tools (e.g., Burp Suite, OWASP ZAP) to assess application security. Analyze application architecture and source code (when available) to uncover deeper, logic-based or systemic vulnerabilities. Document and communicate findings with clear risk assessments, reproduction steps, and actionable remediation recommendations. Stay up to date with evolving web technologies, threat trends, and security tools to ensure cutting-edge testing practices. REQUIRED QUALIFICATIONS US Citizen with the ability to obtain a Secret clearance Experience Certifications: Minimum 5 years of hands-on web application penetration testing experience, with a strong preference for OSCP or equivalent certifications (e.g., OSWA, OSWE, CRTO, GWAPT). Technical Proficiency: Proven ability to conduct full-scope penetration tests using tools like Burp Suite, Kali Linux, Metasploit, Nessus, and Nmap; skilled in scripting and payload development. Security Standards Methodologies: Familiarity with FISMA and NIST 800-series frameworks; experienced in applying formal testing protocols and methodologies to assess networks, web apps, and cloud environments. Client Engagement Clearance: Strong communication skills for interfacing with clients and documenting findings; able to travel as needed and obtain a U.S. Secret Clearance. US Salary Range $100,000 - $145,000 USD The salary range for this role is an estimate based on a wide range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations. The final salary offer will be determined after a thorough review of the candidate's background and alignment with the role. Additionally, SIXGEN offers top-tier benefits for full-time employees, including: Employer-paid health insurance premiums (medical, dental, vision) for you and your family Employer-paid short/long term disability insurance and basic life/ADD insurance 401K with a 4% employer contribution Professional development reimbursement options available (training, certification, education, etc)​ Flexible and remote work policies for most positions Flexible PTO and holiday schedule SIXGEN is an Equal Opportunity Employer. We ensure that all applicants are considered for employment without regard to race, color, religion, sexual orientation, gender identity, national origin, disability, age, marital status, ancestry, projected veteran status, or any other protected group or class. We are committed to fostering an inclusive culture that values diversity in our people, reflecting the communities we serve and our customer base. We strive to attract and retain a diverse talent pool and create an environment where everyone is empowered to be their authentic selves at work. Originally posted on Himalayas