Penetration Tester

We are hiring a Penetration Tester who will lead offensive security assessments across web applications, mobile apps, APIs, and network infrastructure. The ideal candidate is a technical expert who can dig deep into application logic, bypass advanced protections, and also pivot through networks like a seasoned red teamer.

• Perform manual assessments beyond automated scanners, focusing on business logic flaws;
• Perform authenticated and unauthenticated black/gray-box full testing, simulating real attacker behavior;
• Identify, exploit, and document security vulnerabilities with clear risk assessments and remediation guidance;
• Perform manual/automated secure code review and threat modeling;
• Participate in red team exercises and threat simulations when needed;
• Collaborate with DevOps, DevSecOps, Product, and Security teams to prioritize and fix findings.

• 2+ years of experience as a Penetration Tester;
• High proficiency in manual techniques for penetration testing (network equipment, servers, web applications, APIs, wireless, mobile applications, and other information systems);
• Experience with secure source code review / static analysis (manual and/or automated);
• Familiarity with CI/CD security, integrating tools or custom scripts into pipelines for automated security testing;
• Strong skills in various operating systems, including Windows, Linux/Unix, Mac OS, iOS, and Android;
• Understanding of web/mobile application architecture;
• Scripting and programming skills;
• Certifications such as OSCP, OSWE, OSEP, eWPT, eWPTX, eMAPT, eCPPT, eCPTX, CRTO, and CRTL are highly desired.