Security Engineer – Penetration Testing in Minneapolis, MN (W2 Contract)

Security Engineer – Penetration Testing

Location: Minneapolis, MN (Remote)
Duration: Longterm

Pay Rate: $60/hr on W2

Relevant certifications such as OSCP, OSCE, OSWE, or CISSP

Key Responsibilities

• Conduct end-to-end penetration testing engagements, including scoping, exploitation, validation, and reporting
• Perform security assessments on web applications, APIs, and enterprise systems
• Identify and evaluate vulnerabilities including OWASP Top 10 risks, authentication/authorization weaknesses, and injection flaws
• Utilize security testing tools such as Burp Suite, Nmap, and exploitation frameworks
• Develop scripts and automation using Python or Go to improve testing efficiency
• Document findings clearly and provide actionable remediation recommendations
• Partner with engineering teams to validate fixes and improve system security
• Support proactive risk identification and threat modeling activities
• Assist with vulnerability triage and bug bounty program support
• Contribute to improving penetration testing methodologies, tooling, and processes
• Provide technical guidance and mentorship to junior team members when needed

Required Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, or equivalent practical experience
• 10+ years of cybersecurity experience with progressive responsibility in penetration testing
• 7+ years of hands-on penetration testing experience focused on web applications and APIs within enterprise environments
• Strong experience executing the full penetration testing lifecycle from scoping through reporting
• Deep understanding of web application security vulnerabilities including OWASP Top 10
• Expertise in authentication, authorization, and injection attack testing
• Advanced proficiency with Burp Suite, Nmap, and common exploitation frameworks
• Experience scripting or automating tasks using Python or Go
• Excellent documentation and communication skills
• Proven experience collaborating with engineering teams on remediation efforts

Preferred Qualifications

• Experience testing mobile applications, embedded systems, or third-party/vendor platforms
• Familiarity with PCI penetration testing requirements and compliance frameworks
• Experience supporting bug bounty programs including triage and validation
• Exposure to threat modeling and proactive risk assessments
• Experience mentoring or guiding security testers
• Strong understanding of networking and enterprise system architecture
• Experience improving or automating penetration testing processes and tooling
• Relevant certifications such as OSCP, OSCE, OSWE, or CISSP