Ankura

Senior Associate, Cybersecurity, Mid-Level Penetration Tester (Web and Mobile Application)

Remote Washington, D.C.
USD 85k - 200k
AWS Azure GCP Docker Kubernetes API GraphQL Android
Description

Ankura is a team of excellence founded on innovation and growth.

Practice Overview:

We are seeking a Mid-Level Penetration Tester with a focus on Web, API, and Mobile Application security assessments to join our consulting team. This role requires not only hands-on penetration testing skills but also the ability to engage with clients, provide security advisory services, and offer remediation guidance. The ideal candidate will possess strong technical expertise and consulting skills to effectively communicate risks and solutions to both technical and non-technical stakeholders. Occasionally, the role may involve network and wireless penetration testing and social engineering.

This role is remote, based in the United States.

Responsibilities:

Technical Execution (75%)

  • Conduct manual and automated penetration tests on web applications, APIs (REST, GraphQL, SOAP), and mobile applications (Android/iOS).

  • Perform black-box, gray-box, and white-box assessments to identify and exploit security weaknesses.

  • Utilize industry-standard tools such as Burp Suite Pro, Postman, OWASP ZAP, MobSF, APKTool, Frida, Objection, and related tools.

  • Perform source code reviews to identify security flaws in web and mobile applications.

  • Develop and execute API security testing strategies, including authentication/authorization testing, token manipulation, and business logic testing.

  • Assess mobile app security through reverse engineering, static analysis, dynamic analysis, and runtime instrumentation.

  • Stay current with emerging vulnerabilities, attack vectors, and security best practices (e.g., OWASP Top 10, API Security Top 10, MASVS).

  • Occasionally conduct network and wireless penetration testing to identify vulnerabilities in these areas.

Consulting & Client Engagement (25%)

  • Effectively communicate findings, risk impact, and remediation strategies to clients, including both technical and executive-level audiences.

  • Develop and deliver technical reports, presentations, and remediation guidance tailored to clients' business needs.

  • Collaborate with development teams, security engineers, and DevOps teams to implement secure coding practices.

  • Conduct security training, tabletop exercises, and security awareness sessions for clients.

  • Participate in client scoping calls, proposal writing, and pre-engagement discussions.

  • Support security strategy, compliance efforts (PCI DSS, HIPAA, ISO 27001, etc.), and security roadmap development.

Requirements:

  • 3–5 years of experience in penetration testing, focusing on web applications, APIs, and mobile apps.

  • Proficiency with tools such as Burp Suite Pro, Postman, OWASP ZAP, MobSF, APKTool, Frida, Objection, and related tools.

  • Strong understanding of OWASP Top 10 (Web, API, Mobile) and other security frameworks.

  • Experience testing authentication mechanisms, including OAuth, JWT, SAML, and API key-based authentication.

  • Familiarity with GraphQL security testing and API fuzzing techniques.

  • Experience in mobile app security testing, including SSL pinning bypass, root/jailbreak detection bypass, and dynamic analysis.

  • Strong written and verbal communication skills for client reporting and presentations.

  • Ability to translate technical risks into business impact for clients.

  • Willingness to travel up to 25% for client meetings, assessments, and industry conferences.

  • Ability and willingness to perform network and wireless penetration testing and social engineering when required.

  • Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future.

Preferred Qualifications:

  • Industry certifications such as OSCP, GWAPT, OSWE, OSEP, OSEE, GMOB, or OSCE3

  • Familiarity with cloud security (AWS, Azure, GCP) and API security gateways.

  • Experience with secure SDLC, threat modeling, and DevSecOps integration.

  • Understanding of container security (Docker, Kubernetes).

  • Public speaking experience (e.g., conferences, webinars, client presentations).

  • Experience contributing to open-source security tools or bug bounty programs.

For individuals assigned and/or hired to work in California, Colorado, or New York, Ankura is required to include a reasonable estimate of the compensation range for this role. This compensation range is specific to the said markets and considers a broad range of factors including but not limited to skill sets, experience and training, licensure and certifications, and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. The range does not include additional benefits outside of salary. At Ankura, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each role. A reasonable estimate of the current base pay range is between $85,000 to $200,000; this range is not a promise of a particular wage.

#LI-remote

#LI-AL1

Ankura is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against based on disability. Equal Employment Opportunity Posters, if you have a disability and believe you need a reasonable accommodation to search for a job opening, submit an online application, or participate in an interview/assessment, please email accommodations@ankura.com or call toll-free +1.312-583-2122. This email and phone number are created exclusively to assist disabled job seekers whose disability prevents them from being able to apply online. Only messages left for this purpose will be returned. Messages left for other purposes, such as following up on an application or technical issues unrelated to a disability, will not receive a response.

There are more than 50,000 engineering jobs:

Subscribe to membership and unlock all jobs

Engineering Jobs

60,000+ jobs from 4,500+ well-funded companies

Updated Daily

New jobs are added every day as companies post them

Refined Search

Use filters like skill, location, etc to narrow results

Become a member

🥳🥳🥳 452 happy customers and counting...

Overall, over 80% of customers chose to renew their subscriptions after the initial sign-up.

To try it out

For active job seekers

For those who are passive looking

Cancel anytime

Frequently Asked Questions

  • We prioritize job seekers as our customers, unlike bigger job sites, by charging a small fee to provide them with curated access to the best companies and up-to-date jobs. This focus allows us to deliver a more personalized and effective job search experience.
  • We've got about 70,000 jobs from 5,000 vetted companies. No fake or sleazy jobs here!
  • We aggregate jobs from 5,000+ companies' career pages, so you can be sure that you're getting the most up-to-date and relevant jobs.
  • We're the only job board *for* software engineers, *by* software engineers… in case you needed a reminder! We add thousands of new jobs daily and offer powerful search filters just for you. 🛠️
  • Every single hour! We add 2,000-3,000 new jobs daily, so you'll always have fresh opportunities. 🚀
  • Typically, job searches take 3-6 months. EchoJobs helps you spend more time applying and less time hunting. 🎯
  • Check daily! We're always updating with new jobs. Set up job alerts for even quicker access. 📅

What Fellow Engineers Say

Sid avatar
Sid
Very nice portal for searching jobs in this rough market.
Mar 6, 2025
Michael Duran avatar
Michael Duran
Software Engineer
I've been using this job search site for a while now, and it’s honestly one of the best out there! The clean and easy-to-navigate UI makes the whole job-hunting process so much smoother. Plus, the job postings are always up-to-date, so I never feel like I’m wasting time. The cherry on top is the owner—super kind and always quick to respond. Definitely recommend checking it out if you're on the job hunt!
Aug 21, 2024
Sai avatar
Sai
It’s really great website for finding jobs based on skills it’s really helpful give a go
Aug 21, 2024
Adinadh avatar
Adinadh
What I like most about Echo Jobs is how easy it is to use. The platform helps me quickly find jobs that match my skills and interests, thanks to its great recommendations and filters. Yes, I would definitely recommend Echo Jobs to a friend. It makes job searching simple and efficient, making it a great tool for anyone looking for a new job.
Jul 23, 2024
As a student navigating the job market, I've found LinkedIn increasingly frustrating due to numerous fake postings by consultancies. In contrast, this job posting website has been a game-changer for me. It offers genuine opportunities and a straightforward application process, making it much easier to find and apply for real jobs. Highly recommend it to fellow students seeking reliable job listings!
Jul 16, 2024
Cliff Gor avatar
Echo Jobs has been exceptional in my job hunt where it provides one platform to job hunt and I don't have to open 10 websites just to look for a job. It has also helped me focus much on the job skill and the location filtering out the onsite jobs and remote ones. The only feature that I would request is to display fully remote jobs that are not restricted to a country since the one available shows ie, Remote, US yet. But if it could show remote only, that would be helpful not only to me but to other people applying for full remote and not tied to only US candidates
Apr 22, 2024
I found EchoJobs in 2022, and I love it. It has a lot of remote jobs. It's exclusive to software and technology jobs (helpful for devs like me). What I like the most are its filters and its API. If you're a tech professional seeking remote work, I highly recommend giving it a try to EchoJobs.
Mar 4, 2024
Would definitely recommend it! Excellent product, dedicated founder, Jobs are easier to find. Congrats 🎉 to the entire team!
Mar 3, 2024
Brandon Banks avatar
Brandon Banks
Echo Jobs is really impressive. It provides a great user experience with an ability to quickly search through the many job postings. There is an impressive amount of jobs here and it is quickly updated. The details in the each job posting is helpful when determining if it is worth pursuing. I would highly recommend using Echo Jobs to find the next step in your career.
Mar 2, 2024
Tyler Young avatar
Tyler Young
tylerayoung.com
Best wishes with EchoJobs—it's become my favorite job board overnight!
Dec 16, 2023
Simply put, it's the most up to date tech jobs aggregator I’ve found. I'm like... "I don't have to check 10+ jobs boards daily just to see if there's a new job listing? sign me up!" The filters are also quite helpful! The UI is very clean and straightforward. Love it!
Oct 5, 2023