Penetration Tester

What we do

Hi, we are Vodeno. We are innovators in the Banking-as-a-Service space. Our technology is cloud-native, and our teams work in the cloud like fish in water. Supported by a leading global equity firm and the ecosystem of nearly 90 partners, our Platform opens new opportunities for businesses across Europe to integrate financial products and services into their solutions.

As part of the UniCredit Group, Aion Bank and Vodeno will accelerate their digital banking offer in strategic markets and will act as a sandbox for innovation for the wider UniCredit Group.

Based on financial sector know-how and expertise in cloud technology, we provide a set-up of customer-facing and daily banking services which include: digital onboarding, accounts, cards, payments, and lending with a white-label mobile app channel access.

We are defined by the following values:

• Client at the centre - we deliver value to our clients

• Curiosity - we want to know more!

• Accountability - we deliver on our promises

• Collaboration - we can achieve more with other

We are currently looking for a Penetration Tester ready to join our adventure.

What you will be doing

• Ensuring that applications developed internally and externally are secure

• Performing penetration tests of APIs, mobile apps and web apps

• Supporting and consult with product and development teams in the area of application security

• Assisting in development of automated security testing to validate that secure coding best practices are being used

• Making security reviews/audits to ensure configuration and access rights are proper in third party applications

• Monitor follow-ups to ensure that vulnerabilities are closed and risk eliminated or mitigated

• Realisation of yearly penetration testing plan and ad hoc tests for changed systems

Skills you should have

• Strong experience in security research, including understanding of application security attacks and vulnerabilities

• Excellent work organisation allowing to adhere to development teams needs

• Knowledge of web application and API security vulnerabilities

• Experience in conducting web application and API penetration tests, with a clear understanding of manual methods and tools in addition to automated scanners

• Understanding of encryption and authentication methods

• Experience with tools used for penetration testing such as Burp Suite, SQLMap, Kali/BackTrack, w3af

• Basic experience in mobile app penetration testing

• Basic scripting experience

• Knowledge about source code analysis methods

• Experience with OWASP

• Experience in Google Cloud will be an additional asset

• Openness to work from our Warsaw office 2-3 days per week (hybrid model)

What we offer

We offer a flexible form of contract according to your preference and the characteristics of the job. If you choose to be employed by us we offer tax relief for copyrights transfer (KUP).

If your role permits, we also offer flexible work location.

You will be provided an individual development budget, dedicated to enhancing your professional skills.

You will have opportunities to grow: as a Google Cloud Partner, we organise Vodeno Cloud Academy and you can get officially certified by Google.

You and your closest family will be covered with VIP-level private medical care which includes dental treatment and a hospitalisation package.

We cover psychological consultations if you ever feel you need such support.

We co-sponsor a sports card - Multisport.

You will work on Apple MacBook - a computer equipment that delivers the best user experience.

Our Warsaw office is nicely located with convenient commute options by public transport and by bike and offers healthy snacks throughout the day.

Our process

We keep our recruiting process simple.

Step 1: Talk with one of our Recruiters about your to-date experiences and ambitions

Step 2: Meet with your future colleagues for a technical interview

Step 3: Meet with your Team Manager to discuss how we fit each other

Our note to you

Diverse teams really are the best teams. Research shows that some candidates may hesitate to apply for a job unless they meet every requirement. If you are excited about working with us, we encourage you to apply - even if you're not 100% sure. We are interested in getting to know you and learning about what you bring to the table.

Please note that we may close a job posting early if we receive a large number of exceptional applications.

Good luck!