Industry: Renewable energy sources
Work model: Hybrid, 2 days from the office in Warsaw per week
Type of contract: B2B
Start Date: ASAP
Contract length: 4 months with some possibility of extensions
Role overview: The role primarily focuses on enhancing the organisation's security posture by conducting thorough penetration tests on web applications, APIs, and cloud environments. This role is crucial for identifying vulnerabilities and ensuring compliance with internal security policies.
Responsibilities:
- Conduct internal penetration testing of web applications and APIs.
- Perform cloud penetration testing with a focus on AWS, Azure, and GCP environments.
- Review firewall rules and network segmentation for misconfigurations and risks.
- Provide detailed technical reports with risk ratings and remediation recommendations.
- Support ad-hoc testing needs from product and infrastructure teams.
- Participate in scoping, kickoff, and debrief sessions with relevant stakeholders.
- Ensure testing aligns with internal security policies and compliance requirements.
Key Requirements:
- Strong experience in web application and API penetration testing (e.g., OWASP Top 10, SSRF, auth bypass, etc.).
- Hands-on experience with cloud security assessments (AWS/Azure/GCP).
- Ability to assess firewall rules and network architecture from a security perspective.
- Familiarity with tools like Burp Suite Pro, Nmap, Nessus, Amass, and cloud-native tooling (e.g., ScoutSuite, Prowler).
- Solid reporting skills for technical and business audiences.
- OSCP or equivalent certification required.
- Good communication skills and the ability to collaborate closely with development, infrastructure, and security teams.
Nice to Have:
- Certifications such as OSWE, CCSK, or cloud certifications (e.g., AWS Security Speciality).