Penetration Tester (42143)

Join the team as a Penetration Tester. In this role, you will assess web application security, identify vulnerabilities, and evaluate existing defenses through practical testing. A strong command of the OWASP Top 10 is crucial, including the ability to exploit them effectively. You should be experienced with tools like Burp Suite, Nmap, and Metasploit, and capable of uncovering complex issues such as business logic flaws or authentication bypass. Nice to have are certifications like OSCP, eJPT, eCCPT, or PNTP, as well as experience in bug bounty platforms or scripting languages.

🚀 Project
- conducting security assessments and penetration tests on web applications to identify vulnerabilities, misconfigurations, and potential attack vectors
- simulating real-world attacks using industry-standard tools and techniques to evaluate the effectiveness of existing security controls
- documenting findings, provideing clear risk assessments, and recommending actionable remediation steps to improve overall application security

🎯 Skills
- practical experience with web application penetration testing
- knowledge of the OWASP Top 10 and the ability to exploit them in real-world scenarios
- experience with tools such as: Burp Suite (advanced usage), Nmap, Metasploit
- ability to identify IDOR, authentication bypass, business logic vulnerabilities
- experience with infrastructure penetration testing
- basic understanding of Active Directory attacks
- ability to deliver high-quality and clear reports for clients
- independence and responsibility

💡 Nice to have
- Offensive Security (OSCP)
- INE Security (eCCPT, eJPT)
- TCM Security (PNTP)
- experience with bug bounty (HackerOne, Bugcrowd), Active Directory (BloodHound, privilege escalation), scripting (Python / Bash / PowerShell)

#LI-AV1