NoFluffJobs On-site Senior New

Senior Penetration Tester

Spyrosoft

⚲ Wrocław

21 840 - 25 200 PLN (B2B)

Requirements

  • Testing
  • Security
  • OWASP
  • API
  • Android
  • iOS
  • Active Directory
  • Cloud
  • Burp Suite
  • Nessus
  • Analytical skills
  • Industry certifications (nice to have)
  • SSDLC (nice to have)

Job description

About the project:

Tech stack:

  • Web & API Security: Burp Suite Professional, OWASP Top 10, ASVS, OWASP API Security
  • Mobile Security: MobSF, Frida, Objection, Android & iOS Security Testing
  • Infrastructure & Network: Nmap, Nessus, Metasploit, Active Directory, Wireshark
  • Cloud Security: AWS, Azure, GCP (Security Services)
  • Methods & Frameworks: Manual Exploitation, Secure Code Review, SSDLC, PTES
  • Operating Systems: Kali Linux, Parrot OS, Windows Server, Linux (Debian/RHEL)

Project description:

We are looking for an experienced Senior Pentester who will be responsible for conducting advanced security assessments of applications, systems, and IT infrastructure. In this role, you will work on projects covering web and mobile applications as well as infrastructure environments, identifying vulnerabilities and supporting clients in effectively mitigating them. The position also involves designing attack scenarios, improving testing methodologies, and collaborating with both technical and business teams.

About Spyrosoft

Spyrosoft is an authentic, cutting-edge software engineering company, established in 2016. In 2021 and 2022, we were among the fastest growing technology companies in Europe, according to the Financial Times. We were founded by a group of tech experts with established backgrounds in software engineering, who created an ‘engineer-to-engineer’ workplace, powered by enthusiasm, fairness and authentic relationships. Having a unique offering, which bridges the gap between technology and business, we specialise in technology solutions for industry 4.0, automotive, geospatial, healthcare & life sciences, employee experience & education and financial services industries.
Requirements:

  • Minimum 5 years of hands-on experience in penetration testing
  • Strong knowledge of web application security (e.g., OWASP Top 10, ASVS, OWASP Top 10 API)
  • Experience in mobile application testing (Android/iOS)
  • Solid understanding of infrastructure security (networks, systems, Active Directory, cloud)
  • Proven ability to manually exploit vulnerabilities
  • Familiarity with tools such as Burp Suite, Metasploit, Nmap, Nessus, MobSF, Frida or similar
  • Ability to produce clear technical and executive-level reports
  • Strong analytical skills and an “attacker mindset”

Nice to Have:

  • Industry certifications (e.g., OSCP, OSWE, OSEP or similar)
  • Knowledge of cloud environments (Azure, AWS, GCP) from a security perspective
  • Experience in secure code review or SSDLC

Daily tasks:

  • Perform penetration tests of web applications, mobile applications, and infrastructure (internal and external)
  • Identify, analyze, and report vulnerabilities along with remediation recommendations
  • Develop realistic attack scenarios (manual and partially automated)
  • Collaborate with development and DevOps teams to improve security posture
  • Support threat modeling and security architecture reviews
  • Contribute to the development of internal tools and testing standards
  • Mentor junior and mid-level team members