Ankura is a team of excellence founded on innovation and growth.
Practice Overview:
We are seeking a Mid-Level Penetration Tester with a focus on Web, API, and Mobile Application security assessments to join our consulting team. This role requires not only hands-on penetration testing skills but also the ability to engage with clients, provide security advisory services, and offer remediation guidance. The ideal candidate will possess strong technical expertise and consulting skills to effectively communicate risks and solutions to both technical and non-technical stakeholders. Occasionally, the role may involve network and wireless penetration testing and social engineering.
This role is remote, based in the United States.
Responsibilities:
Technical Execution (75%)
Conduct manual and automated penetration tests on web applications, APIs (REST, GraphQL, SOAP), and mobile applications (Android/iOS).
Perform black-box, gray-box, and white-box assessments to identify and exploit security weaknesses.
Utilize industry-standard tools such as Burp Suite Pro, Postman, OWASP ZAP, MobSF, APKTool, Frida, Objection, and related tools.
Perform source code reviews to identify security flaws in web and mobile applications.
Develop and execute API security testing strategies, including authentication/authorization testing, token manipulation, and business logic testing.
Assess mobile app security through reverse engineering, static analysis, dynamic analysis, and runtime instrumentation.
Stay current with emerging vulnerabilities, attack vectors, and security best practices (e.g., OWASP Top 10, API Security Top 10, MASVS).
Occasionally conduct network and wireless penetration testing to identify vulnerabilities in these areas.
Consulting & Client Engagement (25%)
Effectively communicate findings, risk impact, and remediation strategies to clients, including both technical and executive-level audiences.
Develop and deliver technical reports, presentations, and remediation guidance tailored to clients' business needs.
Collaborate with development teams, security engineers, and DevOps teams to implement secure coding practices.
Conduct security training, tabletop exercises, and security awareness sessions for clients.
Participate in client scoping calls, proposal writing, and pre-engagement discussions.
Support security strategy, compliance efforts (PCI DSS, HIPAA, ISO 27001, etc.), and security roadmap development.
Requirements:
3–5 years of experience in penetration testing, focusing on web applications, APIs, and mobile apps.
Proficiency with tools such as Burp Suite Pro, Postman, OWASP ZAP, MobSF, APKTool, Frida, Objection, and related tools.
Strong understanding of OWASP Top 10 (Web, API, Mobile) and other security frameworks.
Experience testing authentication mechanisms, including OAuth, JWT, SAML, and API key-based authentication.
Familiarity with GraphQL security testing and API fuzzing techniques.
Experience in mobile app security testing, including SSL pinning bypass, root/jailbreak detection bypass, and dynamic analysis.
Strong written and verbal communication skills for client reporting and presentations.
Ability to translate technical risks into business impact for clients.
Willingness to travel up to 25% for client meetings, assessments, and industry conferences.
Ability and willingness to perform network and wireless penetration testing and social engineering when required.
Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future.
Preferred Qualifications:
Industry certifications such as OSCP, GWAPT, OSWE, OSEP, OSEE, GMOB, or OSCE3
Familiarity with cloud security (AWS, Azure, GCP) and API security gateways.
Experience with secure SDLC, threat modeling, and DevSecOps integration.
Understanding of container security (Docker, Kubernetes).
Public speaking experience (e.g., conferences, webinars, client presentations).
Experience contributing to open-source security tools or bug bounty programs.
For individuals assigned and/or hired to work in California, Colorado, or New York, Ankura is required to include a reasonable estimate of the compensation range for this role. This compensation range is specific to the said markets and considers a broad range of factors including but not limited to skill sets, experience and training, licensure and certifications, and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. The range does not include additional benefits outside of salary. At Ankura, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each role. A reasonable estimate of the current base pay range is between $85,000 to $200,000; this range is not a promise of a particular wage.
#LI-remote
#LI-AL1
Ankura is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against based on disability. Equal Employment Opportunity Posters, if you have a disability and believe you need a reasonable accommodation to search for a job opening, submit an online application, or participate in an interview/assessment, please email accommodations@ankura.com or call toll-free +1.312-583-2122. This email and phone number are created exclusively to assist disabled job seekers whose disability prevents them from being able to apply online. Only messages left for this purpose will be returned. Messages left for other purposes, such as following up on an application or technical issues unrelated to a disability, will not receive a response.
Other Jobs from Ankura
Director, Data & Technology, Data Privacy
Senior Software Engineer, Ailevate
Senior Director, Data & Technology, Data Privacy (AdTech)
Technical Project Manager, Data Analytics
Similar Jobs
Staff Software Engineer, Mapping
Software Development Engineer I- NGA
Software Development Engineer I- NGA
Security Engineer - Application Security
Security Engineer - Application Security
There are more than 50,000 engineering jobs:
Subscribe to membership and unlock all jobs
Engineering Jobs
60,000+ jobs from 4,500+ well-funded companies
Updated Daily
New jobs are added every day as companies post them
Refined Search
Use filters like skill, location, etc to narrow results
Become a member
🥳🥳🥳 452 happy customers and counting...
Overall, over 80% of customers chose to renew their subscriptions after the initial sign-up.
To try it out
For active job seekers
For those who are passive looking
Cancel anytime
Frequently Asked Questions
- We prioritize job seekers as our customers, unlike bigger job sites, by charging a small fee to provide them with curated access to the best companies and up-to-date jobs. This focus allows us to deliver a more personalized and effective job search experience.
- We've got about 70,000 jobs from 5,000 vetted companies. No fake or sleazy jobs here!
- We aggregate jobs from 5,000+ companies' career pages, so you can be sure that you're getting the most up-to-date and relevant jobs.
- We're the only job board *for* software engineers, *by* software engineers… in case you needed a reminder! We add thousands of new jobs daily and offer powerful search filters just for you. 🛠️
- Every single hour! We add 2,000-3,000 new jobs daily, so you'll always have fresh opportunities. 🚀
- Typically, job searches take 3-6 months. EchoJobs helps you spend more time applying and less time hunting. 🎯
- Check daily! We're always updating with new jobs. Set up job alerts for even quicker access. 📅
What Fellow Engineers Say