CSST Analyst

1150 - 1250 PLN/day, B2B (net)
Mid · Full-time · B2B
#311038 · Added about a month ago · 46
Source: nofluffjobs.com

Tech Stack / Keywords

Penetration testing, Security, iOS, Android, Automated testing, TCP/IP, Cryptography, OWASP, SAST, DAST, DevOps, SDLC, Java, Kotlin, Objective-C, Swift, SSL

Company and position

Mindbox is a tech-driven company connecting top IT talents with technology projects for leading enterprises across Europe. The role is within the Cybersecurity Research & Offensive Security (CROS) team, focusing on managing the Bug Bounty Program and cybersecurity operations.


Requirements

  • Strong written and verbal communication skills in English
  • Ability to clearly articulate technical issues and their business impact
  • Hands-on experience in penetration testing (at least 4 years)
  • Expertise in at least one pentest domain (infrastructure, web apps, or mobile)
  • Solid understanding of platform security models for iOS and Android
  • Strong knowledge of web and mobile application security risks
  • Practical experience with manual and automated testing methods
  • Excellent understanding of TCP/IP, cryptography, and security implications
  • Proven programming/scripting skills
  • Ability to work independently and solve complex technical problems
  • Previous participation in Bug Bounty Programs is a plus

Nice to have:

  • Familiarity with OWASP MASVS, OWASP MSTG
  • Experience with SAST, DAST, IAST tools and security code reviews
  • Knowledge of DevOps practices and secure SDLC
  • Experience with Java, Kotlin, Objective-C, Swift
  • Understanding of OAuth2, JWT, SSL, Biometric Authentication, RASP
  • Prior experience with cloud-hosted applications and reverse engineering

Responsibilities

  • Analyze, assess, and respond to security vulnerabilities reported via the Bug Bounty Program
  • Reproduce and validate reported vulnerabilities and perform root cause analysis
  • Communicate effectively with internal teams and external security researchers
  • Collaborate with stakeholders to explain risks and track remediation progress
  • Drive improvements in processes, tooling, and automation to enhance program efficiency
  • Advise on vulnerability remediation, control implementation, and secure development practices
  • Ensure continuous improvement of the Bug Bounty Program in line with cybersecurity strategy

Offer

  • Flexible cooperation model (B2B, employment contract, etc.)
  • Hybrid work setup with remote days and 6 days per month in Kraków office
  • Collaborative team culture with experienced professionals
  • Continuous development with access to training platforms and growth opportunities
  • Comprehensive benefits including Interpolska Health Care, Multisport card, Warta Insurance
  • High quality equipment provided (laptop and essential software)
Flexible hours
Sports card
Health care
Insurance
Training subsidies
Mindbox S.A.
