Penetration Testing Engineer – Web & API (Contract)
Type: Contract / Short-term Project
Location: Remote
Level: Senior
Overview
SKYTEK Solutions is seeking an experienced penetration testing engineer to perform a focused security assessment of a modern web application environment. This engagement includes unauthenticated and authenticated testing, MFA-protected workflows, and delivery of a clear, executive-ready penetration testing report.
This role is suited for a seasoned tester who can operate independently and produce high-quality, actionable findings.
Scope of Work
Web application penetration testing (non-production environment)
Unauthenticated + authenticated user flow testing
Authorization, session management, and access-control validation
OWASP Top 10 vulnerability assessment
Testing in WAF-protected environments
Coordination with internal security teams as required
Environment & Security Context
Low-privilege test user access provided
MFA-enabled authentication flows
Azure-based infrastructure and WAF controls
No IP allowlisting required; security notification required
Deliverables
Executive summary (risk-focused)
Detailed findings with CVSS scoring
Clear remediation guidance
Evidence and reproduction steps
Retest / validation (if requested)
Requirements
5+ years of hands-on penetration testing experience
Strong web application & API security expertise
Experience testing authenticated & MFA-protected apps
Familiarity with WAF/CDN-protected environments
Ability to deliver professional, well-structured reports
Excellent communication and discretion
Nice to Have
Mobile backend or hybrid app testing experience
OAuth / SSO / CIAM familiarity
OSCP, OSWE, GWAPT, or similar certifications