CSST Analyst - Penetration Test

Unleash cybersecurity excellence — pioneer the future of secure digital innovation.

Krakow-based opportunity with hybrid work model

As a Penetration Testing Security Analyst – Mobile and Web Applications, you will be working for our client, a leader in the financial sector dedicated to safeguarding digital assets and elevating cybersecurity standards. Your expertise will directly contribute to identifying vulnerabilities, strengthening defenses, and driving continuous improvement within the Bug Bounty Program — shaping resilient financial solutions and fostering trust.

Your main responsibilities:

• Analyze, assess, and respond to security vulnerabilities received through the Bug Bounty Program

• Research and reproduce identified security issues to understand root causes

• Perform root cause analysis and recommend effective remediation strategies

• Communicate findings clearly and effectively with internal teams and external security researchers

• Collaborate with stakeholders to understand risks and oversee remediation progress

• Drive enhancements in tooling, automation, and process setup to improve program efficiency

• Continuously improve the quality and maturity of the Bug Bounty Program aligned with cybersecurity strategy

• Advise on vulnerability remediation, control implementation, and secure development practices

You're ideal for this role if you have:

• At least 4 years of hands-on experience in penetration testing

• Proven participation in Bug Bounty Programs is a plus

• Strong understanding of platform security models for iOS and Android

• Deep knowledge of security risks and common vulnerabilities in mobile and web applications, especially in financial contexts

• Practical skills in penetration testing across infrastructure, web, and mobile technologies, utilizing manual and automated methods

• Excellent TCP/IP security understanding

• Web application testing expertise

• Proven programming and scripting skills

• Ability to communicate complex security concepts to both technical and non-technical audiences

• Critical thinking and problem-solving capabilities in complex technical scenarios

• Independence and entrepreneurial attitude to excel in loosely defined or evolving environments

• Expertise in at least one pen testing domain (infrastructure, apps, mobile)

It is a strong plus if you have:

• Certifications in cybersecurity or penetration testing

• Knowledge of cryptography application in secure development

Language Required for the role:

• Fluent English (both written and verbal) for all formal communication

Eligibility for the role:

• Only candidates with an existing legal right to work in Europe will be considered for this role

#MAKEYourCareerBETTERInterested? Apply now and include your CV (preferably in English) along with a statement confirming your consent to the processing and storage of your personal data.

We offer you 

At ITDS, you will work on innovative and impactful technology projects for international companies across multiple industries in Europe and beyond. We create an environment for ambitious, driven professionals who want to grow, deliver value, and build their careers in modern IT and digital transformation. 

Our offer includes: 

• Stable and long-term cooperation with attractive conditions 

• Opportunities to develop your technical expertise across various industries and technologies 

• The chance to work on high-impact, strategic IT and digital transformation projects 

• A clear career path and the opportunity to grow quickly by contributing to diverse client initiatives over time 

• International environment, knowledge sharing, social events, and training opportunities 

• Access to an attractive medical package 

• Access to the Multisport program 

• Access to learning platforms such as Pluralsight 

• Flexible working hours and remote work options