Penetration Tester
Company: S3
Location: Denver
Posted on: April 1, 2026
|
|
|
Job Description:
Job Description STRATEGIC STAFFING SOLUTIONS HAS AN OPENING!
This is a Contract Opportunity with our company that MUST be worked
on a W2 Only. No C2C eligibility for this position. Visa
Sponsorship is Available! The details are below. “Beware of scams.
S3 never asks for money during its onboarding process.” Job Title:
Penetration Tester Location: Denver, CO, 80237 Onsite Work Contract
Length: 6 Months Job ref 244560 We are seeking an experienced
Penetration Tester to conduct comprehensive security assessments of
enterprise web applications. This role focuses on identifying
exploitable vulnerabilities, validating the effectiveness of
existing security controls, and delivering actionable remediation
guidance to strengthen the organization’s application security
posture within a regulated financial services environment. The
ideal candidate combines strong hands-on technical testing skills
with the ability to clearly communicate risk to both technical and
executive stakeholders. Scope of Work Perform scoped penetration
testing on designated web applications and supporting components.
Identify, validate, and exploit vulnerabilities across:
Authentication and authorization mechanisms Input validation and
data handling Session management API endpoints and third-party
integrations Business logic and workflow flaws Assess applications
against OWASP Top 10 and other applicable security standards and
best practices. Conduct manual penetration testing , supplemented
by automated tooling where appropriate. Analyze and prioritize
findings based on impact, exploitability, and likelihood , aligned
with Western Union risk rating methodologies. Collaborate with
application, security, and engineering teams to clarify findings
and remediation approaches. Reporting & Documentation Produce
comprehensive penetration testing reports that include:
Executive-level summary of risk and exposure Detailed technical
findings with clear reproduction steps Proof-of-concept exploits or
attack paths Practical, prioritized remediation recommendations
Communicate results effectively to both technical and non-technical
audiences. Required Qualifications Proven experience conducting web
application penetration testing in enterprise or regulated
environments. Strong working knowledge of: OWASP Top 10 Common web
vulnerabilities (SQL Injection, XSS, CSRF, authentication flaws,
etc.) Business logic vulnerabilities, particularly within financial
services applications Familiarity with secure coding practices and
modern web frameworks. Proficiency with industry-standard
penetration testing tools, including: Burp Suite OWASP ZAP Similar
web application security testing tools Demonstrated ability to
produce clear, actionable security reports tailored to diverse
audiences. Deliverables Formal vulnerability assessment report with
severity ratings and risk prioritization Retesting and validation
following remediation to confirm closure of identified issues
Keywords: S3, Parker , Penetration Tester, IT / Software / Systems , Denver, Colorado
