Application Security Specialist - Invicti
Fulltime
Job Summary
We are seeking an experienced Application Security Specialist to strengthen the security posture of web applications and APIs through Dynamic Application Security Testing (DAST), automated vulnerability scanning, and continuous security testing. This role will leverage Invicti Enterprise to support scalable application security testing across the secure SDLC, including integration within CI/CD pipelines. The ideal candidate will have strong hands-on experience configuring, operating, and optimizing Invicti (Acunetix/Netsparker) or comparable DAST platforms in an enterprise environment, with demonstrated ability to validate findings, troubleshoot scan issues, and partner effectively with development teams.
Onboard web applications and APIs to the Invicti Enterprise platform for authenticated and unauthenticated DAST scans.
Configure DAST scans using pre-request scripts and custom scan settings to support complex authentication and application flows.
Monitor scan execution, status, and failures; troubleshoot issues related to authentication, session handling, crawl limitations, and coverage gaps
Analyze, validate, and triage vulnerabilities identified by Invicti, distinguishing true positives from false positives and appropriately dispositioning findings
Perform manual verification using Burp Suite, as needed, to reduce false positives and false negatives
Integrate DAST scanning into CI/CD pipelines to enable continuous security testing within DevOps workflows
Stay current on emerging web application and API vulnerabilities, OWASP Top 10 and API Top 10, and application security best practices
Required Skills & Qualifications
Strong understanding of web technologies, including HTTP/S, requests and responses, headers, cookies, and session handling
Hands on experience writing JavaScript for scan configuration and pre-request scripting
3-5 years of hands-on experience with Invicti (Acunetix/Netsparker) or comparable enterprise DAST tools
Solid understanding of OWASP Top 10, CWE, and common web and API vulnerabilities
Experience with authentication mechanisms such as OAuth, SAML, JWT, and cookie based authentication
Demonstrated ability to analyze scan results and confidently distinguish valid vulnerabilities from false positives
Strong communication skills with the ability to collaborate effectively with developers, DevOps teams, and security stakeholders
3-5 years of application security experience, with a focus on DAST and secure SDLC practices
Preferred Qualifications
Experience with additional security tools (e.g., Burp Suite, OWASP ZAP, Snyk, HCL AppScan, Fortify Web Inspect).
Scripting or programming experience (Python, Java, JavaScript, or similar languages).
Experience with cloud platforms (AWS, Azure, Google Cloud Platform).
Security certifications (e.g., CEH, GWAPT, OSCP).
Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI DSS).
Experience with CI/CD tools such as Jenkins, GitHub, or Harness.
Hands-on experience with web application and API security testing.
Fulltime
Job Summary
We are seeking an experienced Application Security Specialist to strengthen the security posture of web applications and APIs through Dynamic Application Security Testing (DAST), automated vulnerability scanning, and continuous security testing. This role will leverage Invicti Enterprise to support scalable application security testing across the secure SDLC, including integration within CI/CD pipelines. The ideal candidate will have strong hands-on experience configuring, operating, and optimizing Invicti (Acunetix/Netsparker) or comparable DAST platforms in an enterprise environment, with demonstrated ability to validate findings, troubleshoot scan issues, and partner effectively with development teams.
Onboard web applications and APIs to the Invicti Enterprise platform for authenticated and unauthenticated DAST scans.
Configure DAST scans using pre-request scripts and custom scan settings to support complex authentication and application flows.
Monitor scan execution, status, and failures; troubleshoot issues related to authentication, session handling, crawl limitations, and coverage gaps
Analyze, validate, and triage vulnerabilities identified by Invicti, distinguishing true positives from false positives and appropriately dispositioning findings
Perform manual verification using Burp Suite, as needed, to reduce false positives and false negatives
Integrate DAST scanning into CI/CD pipelines to enable continuous security testing within DevOps workflows
Stay current on emerging web application and API vulnerabilities, OWASP Top 10 and API Top 10, and application security best practices
Required Skills & Qualifications
Strong understanding of web technologies, including HTTP/S, requests and responses, headers, cookies, and session handling
Hands on experience writing JavaScript for scan configuration and pre-request scripting
3-5 years of hands-on experience with Invicti (Acunetix/Netsparker) or comparable enterprise DAST tools
Solid understanding of OWASP Top 10, CWE, and common web and API vulnerabilities
Experience with authentication mechanisms such as OAuth, SAML, JWT, and cookie based authentication
Demonstrated ability to analyze scan results and confidently distinguish valid vulnerabilities from false positives
Strong communication skills with the ability to collaborate effectively with developers, DevOps teams, and security stakeholders
3-5 years of application security experience, with a focus on DAST and secure SDLC practices
Preferred Qualifications
Experience with additional security tools (e.g., Burp Suite, OWASP ZAP, Snyk, HCL AppScan, Fortify Web Inspect).
Scripting or programming experience (Python, Java, JavaScript, or similar languages).
Experience with cloud platforms (AWS, Azure, Google Cloud Platform).
Security certifications (e.g., CEH, GWAPT, OSCP).
Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI DSS).
Experience with CI/CD tools such as Jenkins, GitHub, or Harness.
Hands-on experience with web application and API security testing.
Job ID: 523038847
Originally Posted on: 5/30/2026
Want to find more Technology opportunities?
Check out the 165,505 verified Technology jobs on iHireTechnology
Similar Jobs
Sign Up for Job Alerts
