Who we are:

ShorePoint is a fast-growing, industry recognized and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a “work hard, play hard” mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion and a focus on giving back to our community.

The Perks:

As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 80% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement, etc.

Who we’re looking for:

We are seeking a Web Application Penetration Tester with hands-on experience assessing web, mobile and client-side applications, as well as APIs and databases. This role will be responsible for identifying vulnerabilities, analyzing risks and producing detailed reports to inform mitigation efforts. The Web Application Penetration Tester will apply advanced testing techniques to improve the security posture of enterprise systems, supporting federal cybersecurity objectives. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market.

What you’ll be doing:

• Conduct security assessments on web applications, mobile apps, APIs, client-side tools and databases.
• Collaborate with internal teams and clients to define testing scopes, business cases and remediation strategies.
• Perform root cause analysis and risk assessments on identified vulnerabilities.
• Develop and communicate findings through formal reports and client presentations.
• Participate in technical discussions and client meetings to report progress and identify roadblocks.
• Document exploitation steps, technical procedures and recommended mitigations in comprehensive deliverables.
• Support cybersecurity control testing across network, application and cloud environments.
• Execute penetration testing using approved test protocols and toolsets

What you need to know:

• Strong understanding of web application security vulnerabilities and exploitation techniques.
• Familiarity with penetration testing frameworks and methodologies.
• Ability to translate complex technical findings into clear, actionable reports for both technical and non-technical audiences.
• Proficiency in scripting and payload crafting to support advanced testing scenarios.
• Strong communication and collaboration skills to support client interaction and team delivery.

Must have’s:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Mathematics, Engineering or a related field.
• One or more of the following certifications: OSCP (preferred), OSWA, OSWE, CRTO, CBBH, GWAPT or other relevant hands-on certification.
• 5+ years of Web Application Penetration Tester experience.
• Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking.
• Hands-on experience conducting cybersecurity control testing across networks, websites, mobile apps and cloud technologies.
• Experience in network mapping, vulnerability scanning and penetration testing of applications and systems.
• Experience using approved test protocols and procedures to perform network- and application-level penetration tests.
• Knowledge of FISMA and NIST 800-series standards.
• Experience with vulnerability scanning tools (Nessus, Nmap) and penetration testing tools (Burp Suite, Metasploit and Kali Linux).
• Demonstrated experience in scripting, payload development and custom exploitation.
• Must be willing to travel as needed
• U.S. citizenship and eligibility to obtain and maintain a Secret clearance, as required by the federal contract.

Where it’s done:

• Remote (Herndon, VA).