Penetration Tester

Security

Flory 9, Warszawa

1dea

Full-time
B2B
Mid
Remote
5 149 - 6 402 USD
Net per month - B2B

Job description

For one of our key Clients we're looking for an expert specialist for the position of:

Senior Automation Tester (Python + Security)

Terms of engagement:

Area: IT consulting (project in the transportation sector)

Location: 100% remote

Start: ASAP (max 3 months notice period)

Salary rate (determined individually): 120 - 135 PLN net + VAT / h

Terms: B2B (outsourcing via 1dea), full-time, long-term

Recruitment process (100% remotely):

  • Phone "hello" interview with 1dea recruitment consultant (~10 min)
  • Technical and business conversation with our Client (approx. 1 hour)
  • Decision to cooperate



Scope of duties:

  • Understand Security Needs: Collaborate with architects and product owners to define security requirements and limitations.
  • Craft Security Tests: Design test scripts using security tools (Burp Suite, OWASP ZAP) to comprehensively cover all security aspects.
  • Build Security Frameworks: Develop, implement, and document reusable security testing frameworks for efficient testing.
  • Execute Security Testing: Conduct various tests (vulnerability assessments, threat modeling) for both on-premise and cloud environments using chosen tools and methodologies.
  • Report & Mitigate Risks: Identify, document, and analyze vulnerabilities, threats, and risks; recommend solutions; monitor security trends and report findings to stakeholders.

Requirements:

Experience:

  • Minimum 3 years of hands-on experience applying security testing practices.
  • Proven track record in securing backend, API, and web service applications.

Technical Skills:

  • Strong understanding of security testing tools (Burp Suite, OWASP ZAP, etc.).
  • Ability to automate security testing using scripting languages (Python preferred).
  • Expertise in security analysis and designing effective security tests.
  • Experience with security monitoring and diagnostic tools (SIEM systems).
  • Security-focused knowledge of messaging protocols and API technologies.
  • Proficiency in Unix/Linux with a focus on secure configurations and best practices.
  • Practical experience with automated testing frameworks (Selenium WebDriver, Cypress, Playwright).
  • Working knowledge of SQL and relational databases from a security perspective.

Certifications & Methodologies:

  • Industry-recognized security certification (ISTQB Security Tester, CompTIA Security+, etc.).
  • Solid grasp of networking technologies including encryption, load balancing, and firewalls.
  • Experience following established security testing methodologies and processes.

Reporting & Integration:

  • Proven ability to create comprehensive security test reports with actionable findings and recommendations.
  • Familiarity with DevSecOps tools (Bitbucket, Jenkins, GitLab) for integrating security testing into the CI/CD pipeline.




We offer:

  • A transparent model of long-term cooperation (B2B contract for an indefinite period)
  • Stable and safe involvement in a company with a solid market position
  • Modern equipment provided by the company, along with software and configuration
  • Flexible working hours
  • Possibility to work remotely 100% of the time
  • Professional advice and career support by a team of experienced specialists
  • A mature and sustainable design ecosystem
  • Good atmosphere in the team - values such as camaraderie, openness, respect, mutual help and support in development are important to us
  • We try to work in the spirit of Agile, which we understand as: continuous improvement, effective cooperation and the use of an empirical approach during the development of manufactured products
  • We support a culture of creativity - each team member has the opportunity to propose their own ideas or solutions - you will always be listened to and your suggestions will be taken into account


Tech stack

  • OWASP ZAP: advanced
  • SIEM: advanced
  • Python: advanced
  • Burp Suite: advanced

Published: 27.03.2024