We are looking for an experienced Penetration Tester to join our cybersecurity team and take a leading role in conducting advanced penetration tests that simulate real-world attack scenarios.
This position focuses on testing external services through:
- Insider Attack Simulation – Assessing the security posture against internal threats.
- Adversary Emulation – Mimicking tactics, techniques, and procedures (TTPs) used by Advanced Persistent Threats (APTs), such as FIN3.
- Cloud Assessment – Performing penetration testing on cloud environments to identify and mitigate risks.
- Conduct penetration tests on external services, aligning with real-world threat models and APT methodologies.
- Develop and execute comprehensive attack scenarios covering domains, infrastructure, and identity components.
- Collaborate with internal teams to simulate and analyze adversary behavior using frameworks like MITRE ATT&CK.
- Document findings and provide actionable remediation guidance to stakeholders.
- Stay updated on emerging threats and penetration testing techniques to enhance testing methodologies.
- Assist in threat modeling and red teaming exercises.
- Ensure compliance with industry standards and regulatory requirements.
- Proven experience in penetration testing with a focus on adversary emulation and real-world attack simulation.
- Strong understanding of cybersecurity domains, including infrastructure, identity management, and cloud environments.
- Hands-on experience with tools such as Cobalt Strike, Empire, BloodHound, and cloud-native security solutions.
- Familiarity with APT attack tactics, techniques, and procedures, such as those used by FIN3 and other advanced threat groups.
- Deep knowledge of cloud security best practices across platforms like AWS, Azure, and Google Cloud.
- Certifications such as OSCP, OSWE, OSEP, or similar are highly valued.
- Excellent problem-solving skills and the ability to think like an adversary.
- Strong communication and reporting skills.
- Experience with scripting and automation (Python, PowerShell, Bash, etc.).
- Background in incident response or threat hunting.
- Contribution to the cybersecurity community through research or tool development.
- Conferences abroad
- Conferences in Poland
- Development budget
- A dynamic work environment with opportunities to contribute to cutting-edge cybersecurity operations.
- Clear growth paths to roles like Incident Responder, Threat Hunter, or Cybersecurity Architect.
- Access to ongoing training and certifications to support your professional development.
- Balance between professional and personal life — 30 days of Paid Time Off yearly.
- Participation in industry conferences to stay up-to-date with the latest trends and innovations.
- Competitive bonuses linked to individual and team performance.
1. Paid Time Off
- We offer 30 days of paid time off annually, in addition to public holidays, ensuring you have enough time to relax and recharge. This benefit supports a healthy work-life balance and helps you stay energized and productive.
2. Company-Sponsored Lunches
- We collaborate with a local restaurant to provide daily meals for our employees. Each day offers a diverse menu with approximately seven options, which changes weekly to ensure variety and satisfaction.
3. Professional Liability Insurance
- To provide peace of mind, we offer professional liability insurance, protecting employees against client claims in case of errors. This benefit significantly contributes to maintaining a positive work environment and mental well-being.
4. Conferences and Events
- Our team actively participates in numerous conferences, not only as attendees but also as speakers. There’s always an opportunity to engage and grow professionally.
5. Training Budget
- Continuous learning and certification are essential in our department. We fully support certifications - your professional development is a priority for us.
6. Quarterly Bonus
- All employees are eligible for a quarterly bonus, provided they meet key criteria such as independence, professionalism, proactivity in their roles, and adherence to SLA requirements.