Do you want to be part of an internal security team which has impact on the quality of corporate environment?
Would you welcome a possibility to improve your hard and soft skills via trainings and certifications?
Are you located in Prague and prefer to be visiting the offices?
We are looking for a new member of a team of international IT security professionals and ethical hackers with deep knowledge of application security and real curiosity of how things work.
A Penetration Tester who will help to find security vulnerabilities of web/mobile applications, underlying (cloud/traditional) infrastructure, and help to simulate various cyber-attack scenarios. We are offering a high degree of autonomy. Your professional growth will be actively supported with opportunities to take part in domain-relevant training and conferences. If you have a higher goals, there's a possibility to become a service lead in the near future.
What you will do:
- Perform penetration tests of web or mobile applications (DAST)
- Perform secure source code reviews (SAST) of a web or mobile applications
- Plan and execute scenario-based tests simulating selected threat
- Verification of responsible disclosure submissions
- Knowledge transfer to application developers
- Mentoring of junior colleagues
- Work on improvement of the Penetration Testing services
What do you need for this role?
Need to have:
- Experience with application penetration testing according to the OWASP ASVS standard
- Certification from Offensive Security (OSCP, OSWE)
- Good English communication skills
- Good understanding of security principles and web technologies
- Experience with source code review or mobile application or infrastructure testing
- Curiosity, Problem solving attitude, willingness to always learn more
Nice to have:
- Experience with SSDLC, cloud security or DevSecOps
- Ability to transfer knowledge to other team members and penetration tests requestor
- Community contributions like development or improvement of domain-relevant tooling,
CTF writeups, published security research in form of a blog, CVE advisories, or in other public form