Security QA Engineer (Penetration Testing Focus)

• Experience in mobile application penetration testing
• Experience in infrastructure penetration testing
• Comprehensive understanding of the Secure Software Development Lifecycle (SSDLC)
• Previous participation in bug bounty programs and/or Capture The Flag (CTF) competitions
• Relevant certifications such as BSCP, CWES, eMAPT, eWPT, OSCP+, or equivalent
• English proficiency at B1+ level or higher

Nice to have:

• Additional certifications such as OSCP, CEH, or similar
• Knowledge of modern AI tools and practical experience using them in daily work

• Perform penetration testing and vulnerability assessments of web applications and APIs
• Document identified vulnerabilities and provide clear, detailed remediation recommendations with strong attention to detail
• Support product owners and development teams in vulnerability remediation efforts
• Apply established security testing methodologies such as OWASP WSTG or equivalent application security frameworks
• Demonstrate strong knowledge of the OWASP Top 10 and common web application vulnerabilities, including XSS, SQL Injection (SQLi), SSRF, and others
• Possess deep understanding of various vulnerability types, their root causes, exploitation techniques, and remediation approaches
• Effectively use application security testing software and common penetration testing tools such as Kali Linux, Burp Suite, Metasploit, Nmap (NSE), Acunetix, and similar solutions