Security Engineer – Penetration Testing in Minneapolis, MN (W2 Contract)

Security Engineer – Penetration Testing Location: Minneapolis, MN (Remote) Duration: Longterm Pay Rate: $60/hr on W2 Relevant certifications such as OSCP, OSCE, OSWE, or CISSP Key Responsibilities Conduct end-to-end penetration testing engagements, including scoping, exploitation, validation, and reporting Perform security assessments on web applications, APIs, and enterprise systems Identify and evaluate vulnerabilities including OWASP Top 10 risks, authentication/authorization weaknesses, and injection flaws Utilize security testing tools such as Burp Suite, Nmap, and exploitation frameworks Develop scripts and automation using Python or Go to improve testing efficiency Document findings clearly and provide actionable remediation recommendations Partner with engineering teams to validate fixes and improve system security Support proactive risk identification and threat modeling activities Assist with vulnerability triage and bug bounty program support Contribute to improving penetration testing methodologies, tooling, and processes Provide technical guidance and mentorship to junior team members when needed Required Qualifications Bachelor’s degree in Computer Science, Cybersecurity, or equivalent practical experience 10+ years of cybersecurity experience with progressive responsibility in penetration testing 7+ years of hands-on penetration testing experience focused on web applications and APIs within enterprise environments Strong experience executing the full penetration testing lifecycle from scoping through reporting Deep understanding of web application security vulnerabilities including OWASP Top 10 Expertise in authentication, authorization, and injection attack testing Advanced proficiency with Burp Suite, Nmap, and common exploitation frameworks Experience scripting or automating tasks using Python or Go Excellent documentation and communication skills Proven experience collaborating with engineering teams on remediation efforts Preferred Qualifications Experience testing mobile applications, embedded systems, or third-party/vendor platforms Familiarity with PCI penetration testing requirements and compliance frameworks Experience supporting bug bounty programs including triage and validation Exposure to threat modeling and proactive risk assessments Experience mentoring or guiding security testers Strong understanding of networking and enterprise system architecture Experience improving or automating penetration testing processes and tooling Relevant certifications such as OSCP, OSCE, OSWE, or CISSP