Penetration Tester

• Perform penetration tests of web or mobile applications (DAST)

• Perform secure source code reviews (SAST) of a web or mobile applications
• Plan and execute scenario-based tests simulating selected threat
• Verification of responsible disclosure submissions
• Knowledge transfer to application developers
• Mentoring of junior colleagues
• Work on improvement of the Penetration Testing services

Need to have:

• Experience with application penetration testing according to the OWASP ASVS standard

• Certification from Offensive Security (OSCP, OSWE)
• Good English communication skills
• Good understanding of security principles and web technologies
• Experience with source code review or mobile application or infrastructure testing
• Curiosity, Problem solving attitude, willingness to always learn more

Nice to have:

• Experience with developing web applications (preferably .NET languages, Java, and JavaScript)

• Experience with SSDLC, cloud security or DevSecOps
• Ability to transfer knowledge to other team members and penetration tests requestor
• Community contributions like development or improvement of domain-relevant tooling, CTF writeups, published security research in form of a blog, CVE advisories, or in other public form

• You can be part of an internal security team which has impact on the quality of corporate environment

• Possibility to improve your hard and soft skills via trainings and certifications
• International team – possibility to use English on daily bases
• New modern office in the Anděl, however nowadays we're working mostly from home
• Other benefits such as language courses, iPhone 11, MultiSport Card, Cafeteria program...

Does it sound like a #dreamjob to you? Let us know, we are looking forward to talk to you! 👍