As a Senior Penetration Tester at a leading real estate information and online marketplace company with over three decades of experience, you will join a dedicated security team to enhance our internal and external facing processes, infrastructure, and applications. Your daily responsibilities include developing comprehensive test plans, validating vulnerabilities, and demonstrating exploitability to engineering teams and senior leadership. You will collaborate closely with detection engineering and incident response teams on purple team exercises, ensuring that preventative and detective controls are effective against realistic adversary techniques. Key skills required include expertise in web application and API penetration testing, secure code review, scripting in Python or PowerShell, and proficiency with tools like Burp Suite, OWASP ZAP, Nmap, and Metasploit. Additionally, you should have a deep understanding of cloud-native domains such as AWS and Kubernetes, and be able to mentor team members on offensive security techniques while staying current with emerging threats and trends.
Lead penetration tests on web applications and infrastructure using manual and automated techniques.
Develop test plans to validate vulnerabilities and demonstrate exploitability to teams and leadership.
Collaborate with detection engineering on purple team exercises to validate security controls.
Recommend remediations addressing root causes, including code changes and architectural improvements.
Stay current with attacker tradecraft and share knowledge with the broader security team.
What we're looking for
6+ years of technical experience with at least 3 years focused on penetration testing.
Proven expertise in web application and API penetration testing, including complex attack chains.
Ability to write clear vulnerability reports and communicate risks to senior leadership.
Proficiency in Python, PowerShell, or similar scripting languages for security tasks.
In-depth knowledge of offensive security tools like Burp Suite, OWASP ZAP, Nmap, Bloodhound, Metasploit.
Experience with cloud-native tech stacks and modern application testing methodologies.
Market check
Salary context
This listing doesn't show a salary. Similar roles on FindRole typically pay
$117,000–$198,000.
Peer median band
$117,000–$198,000
Median floor and ceiling across peers.
Typical midpoint (25–75%)
$135,300–$175,500
Middle half of comparable postings.
Based on 240 comparable postings.*
* 240 is the maximum number of comparable postings sampled.
Employer
About CoStar Group
CoStar Group is the leading provider of commercial real estate information, analytics, and online marketplaces, including CoStar, Apartments.com, and LoopNet platforms. Industry: Commercial Real Estate Data & Analytics
CoStar Group currently has
31 open roles
on FindRole.
Listed pay typically runs
$170,000–$222,000
across 11 roles with salary data.