Senior Penetration Tester
Spyrosoft
⚲ Wrocław, Kraków, Warszawa, Łódź, Białystok, Szczecin
130 - 150 PLN/h net (B2B)
Requirements
- Burp Suite Professional
- Metasploit Framework
- Nmap
- Nessus
- Wireshark
- Kali Linux
- OWASP ZAP
- Python
- Docker
- Amazon AWS
Job description
Project description:
We are looking for an experienced Senior Pentester who will be responsible for conducting advanced security assessments of applications, systems, and IT infrastructure. In this role, you will work on projects covering web and mobile applications as well as infrastructure environments, identifying vulnerabilities and supporting clients in effectively mitigating them. The position also involves designing attack scenarios, improving testing methodologies, and collaborating with both technical and business teams.

Main responsibilities:
- Perform penetration tests of web applications, mobile applications, and infrastructure (internal and external)
- Identify, analyze, and report vulnerabilities along with remediation recommendations
- Develop realistic attack scenarios (manual and partially automated)
- Collaborate with development and DevOps teams to improve security posture
- Support threat modeling and security architecture reviews
- Contribute to the development of internal tools and testing standards
- Mentor junior and mid-level team members

Tech stack:
- Web & API Security: Burp Suite Professional, OWASP Top 10, ASVS, OWASP API Security
- Mobile Security: MobSF, Frida, Objection, Android & iOS Security Testing
- Infrastructure & Network: Nmap, Nessus, Metasploit, Active Directory, Wireshark
- Cloud Security: AWS, Azure, GCP (Security Services)
- Methods & Frameworks: Manual Exploitation, Secure Code Review, SSDLC, PTES
- Operating Systems: Kali Linux, Parrot OS, Windows Server, Linux (Debian/RHEL)

Requirements:
- Minimum 5 years of hands-on experience in penetration testing
- Strong knowledge of web application security (e.g., OWASP Top 10, ASVS, OWASP Top 10 API)
- Experience in mobile application testing (Android/iOS)
- Solid understanding of infrastructure security (networks, systems, Active Directory, cloud)
- Proven ability to manually exploit vulnerabilities
- Familiarity with tools such as Burp Suite, Metasploit, Nmap, Nessus, MobSF, Frida or similar
- Ability to produce clear technical and executive-level reports
- Strong analytical skills and an “attacker mindset”