Penetration Tester
Andersen is hiring a Penetration Tester to strengthen application and infrastructure security across international digital projects.
Andersen is a pre-IPO software development company providing a full cycle of services. For over 19 years, we have been helping enterprises and middle-sized firms worldwide transform their businesses by creating effective digital solutions using innovative technologies.
Today, we are working with organizations from various parts of the world, including North America, Western Europe, Israel, Australia, and the UAE. Our expertise covers FinTech, Healthcare, Retail, Telecom, Media & Entertainment, Logistics, Travel & Hospitality, eCommerce, and other industries.
Responsibilities:
Conducting and facilitating customer workshops.
Communicating with leads and stakeholders during pre-sales calls.
Gathering and analyzing business and technical requirements.
Preparing scope estimations for commercial proposals, including ballpark and detailed estimations.
Performing penetration tests of web servers, web applications, and internal infrastructure.
Managing the application security program, including the implementation of SSDLC for a highly dynamic and extensive engineering team.
Managing internal bug bounty program, validating and triaging findings, following up on remediation guidelines.
Reviewing the IaC codebases for security misconfigurations and weaknesses, as well as securing GitOps CI/CD pipelines.
Integrating and tuning SAST/DAST tools (CodeQL, SonarQube, Burp Enterprise) to optimize build performance and vulnerability detection.
Securing cloud-native infrastructure (Azure, AWS) and Kubernetes clusters through custom policies and runtime protection.
Implementing security best practices for Linux and Windows servers as part of the hardening process.
Administering networking hardware and firewalls (Cisco ASA, pfSense) with security best practices in mind.
Supporting the development and implementation of information security policies across an extensive, nation-spanning digital infrastructure.
Assisting in the implementation of security solutions such as NGFW, EDR, IDS/IPS.
Shadowing penetration tests conducted by senior testers.
Performing tasks, such as information gathering, vulnerability analysis, and report writing.
Performing security audits on network devices to assure conformity to security best practices.
Must-haves:
Strong hands-on experience in Application Security / Penetration Testing for 2+ years.
Deep expertise in web application penetration testing and vulnerability assessment.
Experience securing cloud-native environments (AWS and/or Azure).
Practical knowledge of SSDLC implementation and secure development practices.
Experience reviewing and securing CI/CD and GitOps pipelines.
Strong understanding of IaC security (Terraform, Ansible, infrastructure code reviews).
Experience with Kubernetes/container security.
Hands-on experience with security tooling such as Burp Suite, Metasploit, Trivy, Falco, SAST/DAST tools.
Strong networking and infrastructure security knowledge (TCP/IP, firewalls, routing, switching).
Experience performing infrastructure/network penetration testing.
Strong Linux and Windows security hardening knowledge.
Scripting skills (Python, Bash, PowerShell).
Experience writing technical security reports and communicating findings to engineering/business stakeholders.
Experience working directly with developers to remediate vulnerabilities.
Understanding of security standards/compliance frameworks (SOC2, ISO27001, etc.).
Ability to work independently in a self-managed environment.
Level of English – Upper-Intermediate and above.
Nice-to-haves:
OSCP certification.
Experience with bug bounty programs.
Experience with threat modeling exercises.
Knowledge of Active Directory security and common exploitation techniques.
Experience with VMware/vSphere or virtualization technologies.
Experience building or improving security logging/monitoring infrastructure.
Experience defining or implementing enterprise security policies.
Experience with blue team / defensive security activities.
Exposure to large-scale enterprise environments.
Experience working in product companies rather than only outsourcing/consulting.
Experience securing high-load or data-intensive applications.
Familiarity with DevSecOps practices and security automation.
Previous mentoring or technical leadership experience.
Experience coordinating with cross-functional stakeholders and engineering teams.
Reasons why this job would be interesting to you:
Andersen cooperates with such companies as Siemens, Johnson & Johnson, AstraZeneca, BNP Paribas, Allianz, Ryanair, TUI, Verivox, Media Markt, etc..
For the past four years, our company has been growing annually by 60–100%, and we constantly involve top-notch specialists in our team.
Andersen has mentoring and adaptation systems for new employees, and transparent performance review and assessment systems will allow you to determine your development path and plan your growth.
The most important thing that we value in our employees is a commitment to continuous learning. The company supports them in this and gives them access to the best educational platforms, seminars, and practices. In addition, for over 19 years, Andersen has assembled a huge knowledge base and established a robust resource management institution.
We have been strengthening our expertise since 2007. During this time, we have formed excellent teams with streamlined processes, where you can learn something new from your colleagues every day and enjoy your work.
We are a cool young team of like-minded people communicating informally.
You'll have a stable and competitive salary and an extensive benefits package.
At Andersen, we have many different ways to grow. You can improve as a specialist or a manager, and all your activities will be decently rewarded.
Your personal data is protected in accordance with GDPR regulations. Learn more: https://andersenlab.com/privacy-policy/pl
Join us!
Penetration Tester
Penetration Tester