Penetration Tester, Security Assessment Platform

About the Position

We are looking for a Middle Penetration Tester who will be involved in network and application level security assessments. You will use automated tools and manual techniques to identify and verify security vulnerabilities. This role includes preparing assessment reports, interacting with clients to clarify scope and gather information, and contributing to the improvement of security processes and tools.

About the Project

A security focused initiative aimed at performing vulnerability assessments and penetration tests for a variety of digital systems. The project supports continuous improvement of security practices and contributes to the development of internal tools and methodologies. The work includes research activities, process enhancement, and collaboration with technical teams to strengthen overall security posture.

About the Team

You will join a security oriented team that consists of penetration testers, security analysts, and engineers. The team collaborates closely, shares knowledge, and supports research and internal tool development.

Responsibilities

• Conduct network and application level security assessments
• Use automated tools and manual techniques to identify and validate vulnerabilities
• Prepare clear and comprehensive assessment reports with root cause details and remediation steps
• Communicate with clients to gather information, clarify scope, and discuss security controls
• Support internal security competence development through research, tool creation, and process improvement
• Collaborate with other team members across security and engineering domains

Requirements

• One year of experience performing vulnerability assessments and penetration tests
• Three years of experience in the IT industry with familiarity across technologies such as Linux, Windows, Active Directory, JavaScript, .NET, SQL
• Experience applying structured methodology for vulnerability assessments and penetration tests
• Understanding of web application vulnerabilities
• Ability to describe and report vulnerabilities along with typical remediation activities
• Experience with open source and commercial security tools including Burp Suite, Nessus, Metasploit, Nmap, sqlmap
• Knowledge of programming or scripting for creating auxiliary security tools
• Ability to work effectively with customers and self manage in challenging situations

Nice to Have

• Security certifications including OSCP, CRTO, CPTS, eWPT, BSCP
• Strong programming experience in a modern language
• Experience with mobile application penetration testing
• Experience with reverse engineering and binary analysis
• Experience publishing technical content or speaking at industry events
• Familiarity with security standards including PCI DSS and ISO 27000

Technologies

Burp Suite, Nessus, Metasploit, Nmap, sqlmap, Linux, Windows, Active Directory, JavaScript, .NET, SQL, scripting languages