Pracuj.pl Hybrid Senior

CSST Analyst

Mindbox Sp. z o.o.

⚲ Kraków

23 000–25 000 zł net (+ VAT) / month

Requirements

  • Java
  • Kotlin
  • Objective-C
  • Swift

Job description

Our requirements:

  • Strong written and verbal communication skills in English
  • Ability to clearly articulate technical issues and their business impact
  • Hands-on experience in penetration testing (at least 4 years)
  • Expertise in at least one pentest domain (infrastructure, web apps, or mobile)
  • Solid understanding of platform security models for iOS and Android
  • Strong knowledge of web and mobile application security risks
  • Practical experience with manual and automated testing methods
  • Excellent understanding of TCP/IP, cryptography, and security implications
  • Proven programming/scripting skills
  • Ability to work independently and solve complex technical problems

Nice to have:

  • Previous participation in Bug Bounty Programs
  • Familiarity with OWASP MASVS, OWASP MSTG
  • Experience with SAST, DAST, IAST tools and security code reviews
  • Knowledge of DevOps practices and secure SDLC
  • Experience with Java, Kotlin, Objective-C, Swift
  • Understanding of OAuth2, JWT, SSL, Biometric Authentication, RASP
  • Prior experience with cloud-hosted applications and reverse engineering

About the project:

We are looking for a CSST Analyst to join the Cybersecurity Research & Offensive Security (CROS) team. This role is responsible for managing the day-to-day operations of the Bug Bounty Program, acting as the escalation point for incoming security vulnerabilities and ensuring timely analysis, communication, and remediation. You will work closely with internal teams and external security researchers, perform vulnerability analysis and root cause investigations, and help drive improvements in processes, tooling, and automation. This is an exciting opportunity for an experienced penetration tester who wants to contribute to the maturity of a global cybersecurity program. Sounds like your kind of challenge?
Responsibilities:

  • Analyze, assess, and respond to security vulnerabilities reported via the Bug Bounty Program
  • Reproduce and validate reported vulnerabilities and perform root cause analysis
  • Communicate effectively with internal teams and external security researchers
  • Collaborate with stakeholders to explain risks and track remediation progress
  • Drive improvements in processes, tooling, and automation to enhance program efficiency
  • Advise on vulnerability remediation, control implementation, and secure development practices
  • Ensure continuous improvement of the Bug Bounty Program in line with cybersecurity strategy

Note: Detailed project information will be shared during the recruitment process.

We offer:

  • Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.)
  • Hybrid work setup – remote days available depending on the client’s arrangements
  • Collaborative team culture – work alongside experienced professionals eager to share knowledge
  • Continuous development – access to training platforms and growth opportunities
  • Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more
  • High quality equipment – laptop and essential software provided