Job title: Penetration Tester
Job type: Permanent
Emp type: Full-time
Industry: Insurance
Expertise: IT
Skills: DAST SAST OSCP OSWE OWASP SSDLC
Salary type: Monthly
Salary: 90.000 Kč
Job published: 03/01/2023
Job ID: 32314

Job Description

Do you want to be part of an internal security team that has an impact on the quality of the corporate environment?
Would you welcome the possibility to improve your hard and soft skills through training and certifications?

Are you located in Prague and prefer to visit the offices?

We are looking for a new member of a team of international IT security professionals and ethical hackers with deep knowledge of application security and real curiosity about how things work.
As a Penetration Tester, you will help find security vulnerabilities in web/mobile applications and the underlying (cloud/traditional) infrastructure, and help simulate various cyber-attack scenarios. We are offering a high degree of autonomy. Your professional growth will be actively supported with opportunities to take part in domain-relevant training and conferences. If you have higher goals, there's a possibility to become a service lead in the near future.

What you will do:

- Perform penetration tests of web or mobile applications (DAST)
- Perform secure source code reviews (SAST) of web or mobile applications
- Plan and execute scenario-based tests simulating selected threats
- Verify responsible disclosure submissions
- Transfer knowledge to application developers
- Mentor junior colleagues
- Work on improving the Penetration Testing services

What do you need for this role?
Need to have:
- Experience with application penetration testing according to the OWASP ASVS standard
- Certification from Offensive Security (OSCP, OSWE)
- Good English communication skills
- Good understanding of security principles and web technologies
- Experience with source code review or mobile application or infrastructure testing
- Curiosity, a problem-solving attitude, and a willingness to always learn more

Nice to have:
- Experience with developing web applications (preferably .NET languages, Java, and JavaScript)
- Experience with SSDLC, cloud security or DevSecOps
- Ability to transfer knowledge to other team members and penetration test requestors
- Community contributions such as development or improvement of domain-relevant tooling, CTF writeups, or security research published as a blog, CVE advisories, or in another public form