Penetration Tester

Project overview

A security-focused initiative aimed at performing vulnerability assessments and penetration tests for a variety of digital systems. The project supports continuous improvement of security practices and contributes to the development of internal tools and methodologies. The work includes research activities, process enhancement, and collaboration with technical teams to strengthen the overall security posture.

Team

You will join a security-oriented team that consists of penetration testers, security analysts, and engineers. The team collaborates closely, shares knowledge, and supports research and internal tool development.

Position overview

We are looking for a Middle Penetration Tester who will be involved in network and application-level security assessments. You will use automated tools and manual techniques to identify and verify security vulnerabilities. This role includes preparing assessment reports, interacting with clients to clarify scope and gather information, and contributing to the improvement of security processes and tools.

Technology stack

Burp Suite, Nessus, Metasploit, Nmap, sqlmap, Linux, Windows, Active Directory, JavaScript, .NET, SQL, scripting languages

Responsibilities

• Conduct network and application-level security assessments

• Use automated tools and manual techniques to identify and validate vulnerabilities

• Prepare clear and comprehensive assessment reports with root cause details and remediation steps

• Communicate with clients to gather information, clarify scope, and discuss security controls

• Support internal security competence development through research, tool creation, and process improvement

• Collaborate with other team members across security and engineering domains

Requirements

• One year of experience performing vulnerability assessments and penetration tests

• Three years of experience in the IT industry with familiarity across technologies such as Linux, Windows, Active Directory, JavaScript, .NET, SQL

• Experience applying structured methodology for vulnerability assessments and penetration tests

• Understanding of web application vulnerabilities

• Ability to describe and report vulnerabilities along with typical remediation activities

• Experience with open source and commercial security tools, including Burp Suite, Nessus, Metasploit, Nmap, and sqlmap

• Knowledge of programming or scripting for creating auxiliary security tools

• Ability to work effectively with customers and self-manage in challenging situations

Nice to have

• Security certifications, including OSCP, CRTO, CPTS, eWPT, BSCP

• Strong programming experience in a modern language

• Experience with mobile application penetration testing

• Experience with reverse engineering and binary analysis

• Experience publishing technical content or speaking at industry events

• Familiarity with security standards, including PCI DSS and ISO 27000

What We Offer:

• Vacation days: Up to 26 business days per year.

• 10 illness/special days off per year (fully paid, no medical papers needed) for all contract types

• Health and life insurance (Luxmed)

• MyBenefit platform with Multisport option

• Internal psychological support service

• English language classes from the first working day

• Access to external learning platforms: O’Reilly, LinkedIn Learning, Udemy, and a wide catalog of diverse internal training

• Flexible workplace: work from the office, from home, or choose a hybrid option

• Tech Skills Mentoring Program

• Opportunities to develop as a public speaker, mentor, or technical interviewer

• Fully paid idle (bench) when not involved in a project

• Certification reimbursement (AWS, GCP, Microsoft, etc.)