Senior Penetration Tester

Must-have:

• Minimum 3 years of hands-on penetration testing experience
• Strong web and mobile application testing expertise
• Solid knowledge of iOS and Android security models
• Practical experience with manual and automated security testing
• Strong understanding of TCP/IP and networking security
• Experience with SAST, DAST, IAST tools
• Strong programming/scripting skills
• Ability to explain complex security issues clearly to technical and non-technical audiences
• Excellent English communication skills (written & spoken)
• Ability to work independently or lead penetration testing teams

Technical Knowledge:

• Web technologies: HTML, XML, JavaScript, JSON, REST, Microservices
• Secure SDLC and DevOps environments
• Cryptography fundamentals and secure implementation practices
• Security mechanisms such as SSL/TLS, Certificate Pinning, OAuth2, JWT, SAML, RASP, biometric authentication
• Mobile security standards such as OWASP MASVS & MSTG

Nice to have:

• Code review experience (Java, Kotlin, Swift, Objective-C)
• Experience with cloud-hosted applications
• Reverse engineering or disassembly experience
• Background in secure software development

Certifications are not required but considered a plus.

• Lead and deliver end-to-end penetration tests across mobile applications (iOS & Android), web applications and APIs, infrastructure and network environments
• Perform manual penetration testing, source code reviews, and configuration assessments
• Clearly document findings, including root cause analysis and business risk impact
• Design and demonstrate proof-of-concept exploits when required
• Collaborate with DevOps and engineering teams to support remediation efforts, improve secure development practices, and automate repetitive security testing tasks
• Assess product release risk and identify potential misuse scenarios
• Track remediation activities and support risk acceptance processes
• Support incident response activities when required
• Evaluate new security testing technologies and recommend improvements
• Monitor security industry developments and emerging threats
• Contribute to process enhancements and quality improvements
• Mentor junior team members and support knowledge sharing