Role Summary:
The Security Tester is responsible for performing advanced, hands-on security testing across web, mobile, API, cloud, and internal systems. The role focuses on identifying high-impact vulnerabilities, chaining issues into realistic attack scenarios, and clearly communicating risks through strong evidence and reporting. You will provide practical remediation guidance and play a key part in strengthening the organization’s overall security posture.
Responsibilities:
- Execute advanced, hands-on penetration testing across diverse environments, including web applications, mobile apps (iOS/Android), APIs, cloud platforms (AWS/GCP), and complex internal systems.
- Focus on core application components (APIs, authentication flows, and IAM configurations) where high-impact vulnerabilities typically emerge.
- Go beyond identifying standalone issues by chaining multiple vulnerabilities into realistic, high-severity attack paths.
- Demonstrate how minor findings can evolve into major risks (e.g., XSS → token theft → privilege escalation → full system compromise).
- Communicate risks clearly and convincingly through evidence-driven demonstrations and practical exploitation scenarios.
- Deliver polished, detailed reports outlining attack methodologies, impact assessments, and clear, actionable remediation guidance.
- Provide recommendations that are aligned with the system’s architecture and feasible for engineering teams to implement.
- Contribute to enhancing the organization’s overall security posture and defense strategies.
- Perform additional security-related tasks as directed by the Line Manager.
Requirements:
- At least 4 years of hands-on experience in penetration testing.
- Strong proficiency in Web Application Security, including OWASP Top 10 and advanced issues such as blind injections, insecure deserialization, business logic abuses, SSRF, and API/GraphQL vulnerabilities.
- Solid experience in Mobile Security (iOS/Android), including static/dynamic analysis with tools like Frida and MobSF, and understanding mobile-specific risks such as insecure data storage and reverse-engineering defenses.
- Strong knowledge of Cloud Security in AWS/GCP, particularly around misconfigurations, excessive IAM permissions, exposed storage, and cloud privilege escalation techniques.
- Proficiency with Burp Suite Pro and the ability to develop custom scripts or tools using Python, Bash, or PowerShell.
- A true hacker mindset, capable of correlating subtle weaknesses into impactful attack scenarios and thinking adversarially to uncover systemic risks.
What we offer:
- Competitive Compensation: Enjoy a salary package tailored to your skills and experience, along with performance-based bonuses.
- Top-Tier Equipment: Work with the latest tools, including a MacBook and iPhone, to maximize productivity.
- Growth & Opportunity: Join a fast-growing, international environment with room to expand your expertise and take on new challenges.
- Thriving Culture: Immerse yourself in a dynamic, inclusive work environment that values innovation, ownership, and continuous learning.