Senior Penetration Tester

Location: Fully Remote

Appsecure is a leading offensive cybersecurity and red-team services company trusted by Fortune 500s, high-growth startups, and global enterprises. Our team consists of top bug bounty hunters, seasoned red teamers, and security researchers who deliver high-impact security testing across web, mobile, API, and cloud infrastructures.

We are CREST-accredited, CSA Singapore compliant, and we pride ourselves on providing “Apple-quality” offensive security services to our customers.

We are looking for a Senior Penetration Tester to join our global offensive security team. The ideal candidate is highly skilled in identifying and exploiting vulnerabilities across Web, API, Mobile, and Network infrastructures. You’ll work on challenging real-world engagements, simulate advanced attacker techniques, and deliver high-quality reports that drive real business impact.

• Conduct penetration testing across web, API, mobile, and network applications.
• Perform threat modeling, vulnerability assessments, and exploit research.
• Simulate advanced attack scenarios including business logic flaws, privilege escalation, and chained exploits.
• Contribute to red-team exercises and advanced adversary simulations.
• Work with clients to explain findings, remediation steps, and best practices in a clear and professional manner.
• Mentor junior testers and contribute to Appsecure’s research and methodologies.
• (Optional) Participate in bug bounty programs to strengthen hands-on offensive skills.

• 3+ years of hands-on penetration testing experience (consulting or in-house).
• Strong expertise in Web, API, Mobile (iOS/Android), and Network security testing.
• Familiarity with OWASP Top 10, API Top 10, and modern exploitation techniques.
• Solid understanding of cloud environments (AWS, GCP, Azure) is a plus.
• Industry certifications like OSCP, CREST, OSWE, OSCE, or equivalent are highly valued.
• Bug bounty experience on platforms like HackerOne, Bugcrowd, or Synack is a plus.
• Strong communication skills to engage with technical and non-technical stakeholders.
• Ability to work independently in a remote, global team environment.

• Competitive, performance-driven compensation package.
• Comprehensive health insurance and wellness benefits.
• Company-sponsored off-sites and team retreats.
• Exposure to cutting-edge offensive security projects across industries.
• Opportunity to work alongside some of the top researchers and bug bounty hunters.