DE Jobs


Job Information

VWR INTERNATIONAL, LLC Application Penetration Tester in Grove City, Ohio

The Opportunity

Avantor's Application Penetration Tester will conduct penetration testing and vulnerability assessments of web applications, mobile applications, and other applications as applicable for compliance with Avantor's policies, standards, regulatory requirements, and deviation from leading practices. Provide information to management regarding impact to the business caused by theft, destruction, alteration or denial of access to information and systems through report generation. Create targeted remediation guidance for vulnerabilities identified. Develop policies, standards, and standard operating procedures for penetration testing at Avantor. Advise Avantor's Security Operations teams and development teams on methods of attack and potential detection mechanisms.

What we're looking for

Education: Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent professional experience.

2+ years of experience in application penetration testing, with a focus on web and mobile applications.

Minimum 3 years of software development experience or application security experience.

Certifications/trainings such as GWAPT, PWAPT, CSSLP, GXPN, or similar are a bonus but not required.

Strong understanding of common web application vulnerabilities, as well as experience in exploiting and mitigating them.

Familiarity with security assessment tools such as Burp Suite, OWASP ZAP, Metasploit, sqlmap, and others.

Proficiency in at least one programming language (e.g., PHP, Java, Python) to develop and customize testing scripts and tools.

Who you are

You have excellent understanding of the OWASP Top Ten vulnerabilities and other industry leading practices.

Able to work independently and efficiently, and able to manage a testing project pipeline with numerous tests that could shift in priority at a moment's notice.

You have strong analytical and problem-solving skills, with attention to detail.

Effective communication skills to interact with technical and non-technical stakeholders, both in writing and verbally.

You can read PHP, Java, Python, Angular, or other similar programming languages to identify vulnerabilities and provide targeted remediation guidance relevant to the language/framework in use.

How you will create an impact

Conduct crystal box application penetration tests on web and mobile applications to identify security vulnerabilities, including but not limited to SQL injection, cross-site scripting (XSS), authentication bypass, and more.

Utilize a combination of manual testing, automated tools, and manual code analysis to identify weaknesses and potential entry points.

Collaborate closely with development teams and application security engineers to communicate findings, propose remediation strategies, and guide the implementation of fixes.

Perform security assessments based on industry standards and frameworks.

Stay up to date with emerging security threats, attack vectors, and mitigation techniques to enhance our testing methodologies and remediation options.

Document and report test findings, including vulnerability details, risk ratings using OWASP Risk Rating methodology, and remediation recommendations, in a clear and concise manner.

Contribute to the development of testing methodologies, tools, and leading practices within the application security team.

Provide guidance and mentorship to developers regarding secure coding practices and vulnerability remediation relevant to their code base.

#LI-Remote

Disclaimer: The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees assigned to this position.

Avantor is proud to be an equal opportunity employer.

Why Avantor? Dare t
