Senior Pentester

As a Senior Pentester you will become a key member of our growing Cybersecurity team responsible for an international project (French customer) and operating within a Zero Trust Security model. We’re counting not only on your technical expertise but also on your ability to cooperate with others, with particular attention to knowledge sharing and mentoring junior team members.

Cooperation is based on a Contract of Employment and a hybrid work model (2 days per week in our Wrocław office).

Responsibilities:

• Plan and lead tests from start to finish: scope, Statement of Work, rules of engagement, and legal/risk checks

• Conduct technical audits (including PenTesting & configuration audits) on various scopes of differing complexity

• Identify and combine weaknesses to demonstrate real impact, always safely and within scope

• Facilitate workshops to develop Red Team philosophy & contribute to promoting Purple Team while considering Blue Team maturity

• Write clear reports with evidence, risk ratings (e.g., CVSS), business impact, and practical fixes; present results to technical and non-technical audiences

• Agree on priorities with owners, advise on fixes and compensating controls, plan and perform retests

• Improve methods and tools: keep playbooks up to date, write scripts/PoCs, maintain lab environments, and share research

• Teach and support junior testers: 1:1s, pair testing, guided labs, internal trainings; review their work; assist with hiring and onboarding

• Share knowledge with the team and community: tech talks, write-ups, lessons learned; publish blogs or talks; contribute to open source

• Work with stakeholders: run briefings/workshops and translate technical risks into business language

• Support presales: scope proposals, estimate effort, write SoWs, and participate in client meetings

• Follow ethics and standards (PTES, OWASP, NIST, ISO, PCI DSS) and protect sensitive data

Our requirements:

• 5+ years of hands-on penetration testing across multiple areas; experience leading projects and mentoring others (2+ years)

• Strong knowledge of networking (TCP/IP, DNS, routing), Linux, and web technologies (HTTP(S), TLS, REST/GraphQL)

• Good understanding of identity and authentication: Kerberos/NTLM, OAuth2/OIDC, SAML, JWT; AD/Entra ID and common IdPs (e.g., Okta/Azure AD)

• Advanced exploitation skills: validate findings, build simple PoCs, chain issues, escalate privileges, move laterally, and maintain strong OPSEC

• Solid Cloud and container security experience: IAM, segmentation, serverless, secrets, supply chain, Kubernetes (RBAC/admission), and CI/CD attack paths

• Knowledge of tools: Burp Suite Pro, Nmap, Wireshark, Metasploit; cloud CLIs; and C2 frameworks (e.g., Cobalt Strike, Sliver) when permitted

• Scripting/programming: Python and at least one of: PowerShell/Bash/Go; Git; ability to automate and build safe custom tooling

• Ability to apply and adapt methods and frameworks as needed: PTES, OWASP Testing Guide, NIST SP 800-115; map work to MITRE ATT&CK; basic threat modeling

• Clear communication: concise writing, effective presentations, and risk prioritization linked to business impact

• Fluency in both Polish and English (at least B2)

Nice to have:

• Certifications: CEH, CISSP, OSCP, GPEN/GXPN/GMOB, CRTO, CCSK/CCSP

• Deeper experience with Red Teaming, detection engineering, and telemetry tuning

• Reverse engineering and exploit development (e.g., Ghidra/IDA) or fuzzing

• Advanced mobile testing (e.g., Frida/Objection, instrumentation)

• Open-source contributions, research/CVEs, conference talks, or a strong bug bounty record

• Experience with compliance/risk frameworks (PCI DSS, ISO 27001/SOC 2, NIST CSF) and measurement (KPIs/OKRs)

• Knowledge of the French language

We offer:

• Stable employment based on an employment contract

• Hybrid work model (2 days from the office / 3 days from home)

• Pension program – after 6 months of employment, Orange will contribute 7% of your gross salary each month to your retirement account

• Private medical care with PZU Zdrowie

• Interest-free loans for housing, health, and other purposes

• Subsidy for vacation

• FitProfit sports card

• Integration events and trips co-financed from the social fund

• Option to join group insurance on preferential terms

• Smartphone with unlimited Internet – also for private use

• Preferential offer for Orange services

• Diverse and tailored development opportunities – training, access to educational platforms (including language learning platforms), internal internship programs, and inspiring educational events

• “Health YES” – a program for people with disabilities

• “I’m in the game” – support for parents returning to work after parental leave

• Wellbeing programs

• Volunteering in cooperation with the Orange Foundation