Application Security Pentester, Specialist
About the role
The Application Security Pentester, Specialist leads and executes security assessments to identify, validate, and communicate security risks. They perform manual and automated penetration testing, conduct Secure Code Reviews and Dynamic Application Security Testing (DAST), and produce clear, actionable reports for technical teams and leadership.
Responsibilities
- Leads and executes penetration tests across a variety of technologies, including web applications, APIs, and AI-enabled systems. Performs manual and automated testing to identify, exploit, and validate vulnerabilities.
- Conducts other security assessments as needed, including Secure Code Reviews and/or Dynamic Application Security Testing (DAST).
- Develops detailed assessment reports and presents findings to technical teams and leadership. Coordinates security risk reporting and collaborates with IT sub-divisions, third-party partners, and business units to identify the impact of technology implementations on IT and business operations.
- Contributes to the evolution of team processes, testing methodologies, standards, and best practices.
- Maintains subject-matter expertise in common vulnerability classes and attack techniques (e.g., OWASP Top 10, OWASP Top 10 API, SANS Top 25), and remains familiar with relevant security frameworks (e.g., MITRE ATT&CK). Stays current on emerging threats, tools, and offensive security techniques.
- Participates in special projects and performs other duties as assigned.
Qualifications
- Minimum five years related work experience with three years experience in IT security or application development.
- Undergraduate degree in related field or equivalent combination of training and experience.
- Hands-on experience performing web application, API, and network penetration testing.
- Preferred experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tooling.
- Experience in on or more of the following a plus: cloud penetration testing, mobile penetration testing, AI red teaming.
- Proficiency in at least one programming or scripting language (e.g., Python, Java).
- Preferred security certifications such as OffSec Certified Professional (OSCP), OffSec Web Assessor (OSWA), OffSec Web Expert (OSWE), GIAC Penetration Tester (GPEN), or GIAC Web Application Penetration Tester (GWAPT).
Special Factors
Sponsorship: Vanguard is not offering visa sponsorship for this position.
About Vanguard: At Vanguard, we don't just have a mission—we're on a mission. To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
Empowered to learn, grow, and thrive
Rajesh D.: “Over the past 24 years, I’ve had the privilege of being part of Vanguard that is truly client-owned. What makes this place exceptional is its culture of niceness and collaboration. It’s more than just a job; it’s a place where you can grow, make meaningful contributions, and be part of a supportive, inclusive community. Every day, I am inspired by the dedication of my colleagues and the genuine care we have for our clients. Vanguard is where I and my work truly matters and where one can build a rewarding and fulfilling career.”
Akua A.: “I discovered my niche in cybersecurity at Vanguard through a combination of IT roles and the Technology Leadership Program. My initial IT roles provided me a solid technical foundation, while the leadership program offered exposure to various facets of technology and strategic thinking. The highly collaborative environment at Vanguard, combined with access to cutting-edge technology and continuous learning opportunities, solidified my commitment to cybersecurity. This specialization not only leverages my skills and interests but also provides a profound sense of purpose, knowing that my work directly contributes to the safety and trust of our clients.”
Diane T.: “What has always stood out to me about Vanguard is the people, our crew. Throughout my Vanguard journey, I’ve gotten a chance to explore various roles in security which has helped me navigate my career, and I have had the opportunity to work with the most incredible, supportive team members and leaders who truly care about me. Vanguard is truly the best place to work.”
Kelly P.: “When I was seeking an employer, I was looking for somewhere I could grow, be challenged, collaborate with others who encourage diversity of thought and innovation, and do purposeful, value-driven work that truly makes a difference. I am fortunate to not only have found that during my tenure at Vanguard, but also to find a place where I can build a long and engaging career, experience many milestones (like earning an MBA, getting married, and starting a family), and mentor others who are seeking to do the same. Our mission, combined with our distinctive culture and an encouragement to learn continuously has given me a great opportunity to develop in ways I never imagined!”
Megan M.: “Vanguard is not just a great place to work—it is a great place to have a career! As a company, we promote continuous learning and rotations which has allowed me to grow as a technical professional and as a leader. I have been encouraged to take on novel challenges and mentored to hone new skills preparing me for roles that I never imagined.”
Rehana V.: “Having started my career at Vanguard, I like to say I grew up here. During my time here, I have received endless support and opportunities for growth and learning. From supporting my diverse needs and perspectives, to affording me the flexibility to meet my personal obligations, Vanguard’s commitment to their crew has helped me grow into the best version of myself. Vanguard’s collaborative culture and mission driven purpose permeates through every aspect of my work and personal life.”