Senior Penetration Tester

No salary information
Senior · Full-time · B2B
#309456 · Added two months ago · 46
Source: nofluffjobs.com

Tech Stack / Keywords

Testing, iOS, Android, Security, TCP, Networking, SAST, DAST, Communication skills, Web technologies, XML, JavaScript, JSON, REST API, Microservices, SDLC, DevOps, Cryptography, SSL, TLS, SAML, OWASP, Java, Kotlin, Swift, Objective-C, Certifications

Company and position

The role is within a global Cybersecurity team focused on Cybersecurity Research & Offensive Security. The position involves leading and executing advanced security assessments across web, mobile, infrastructure, and API environments.


Requirements

  • Minimum 3 years of hands-on penetration testing experience
  • Strong web and mobile application testing expertise
  • Solid knowledge of iOS and Android security models
  • Practical experience with manual and automated security testing
  • Strong understanding of TCP/IP and networking security
  • Experience with SAST, DAST, IAST tools
  • Strong programming/scripting skills
  • Ability to explain complex security issues clearly to technical and non-technical audiences
  • Excellent English communication skills (written & spoken)
  • Ability to work independently or lead penetration testing teams
  • Knowledge of web technologies: HTML, XML, JavaScript, JSON, REST, Microservices
  • Experience with Secure SDLC and DevOps environments
  • Understanding of cryptography fundamentals and secure implementation practices
  • Familiarity with security mechanisms such as SSL/TLS, Certificate Pinning, OAuth2, JWT, SAML, RASP, biometric authentication
  • Knowledge of mobile security standards such as OWASP MASVS & MSTG

Nice to have:

  • Code review experience (Java, Kotlin, Swift, Objective-C)
  • Experience with cloud-hosted applications
  • Reverse engineering or disassembly experience
  • Background in secure software development
  • Certifications are considered a plus

Responsibilities

  • Lead and deliver end-to-end penetration tests across mobile applications (iOS & Android), web applications and APIs, infrastructure and network environments
  • Perform manual penetration testing, source code reviews, and configuration assessments
  • Clearly document findings, including root cause analysis and business risk impact
  • Design and demonstrate proof-of-concept exploits when required
  • Collaborate with DevOps and engineering teams to support remediation efforts, improve secure development practices, and automate repetitive security testing tasks
  • Assess product release risk and identify potential misuse scenarios
  • Track remediation activities and support risk acceptance processes
  • Support incident response activities when required
  • Evaluate new security testing technologies and recommend improvements
  • Monitor security industry developments and emerging threats
  • Contribute to process enhancements and quality improvements
  • Mentor junior team members and support knowledge sharing

Offer

  • B2B contract
  • Hybrid work model (6 days/month in office – Kraków preferred or Warsaw)
  • Private medical care (LuxMed)
  • MyBenefit cafeteria platform
  • Dedicated support from Contractor Care team
Healthcare

Other information

Work model is hybrid with 6 days per month required in office located in Kraków (preferred) or Warsaw.

Antal Sp. z o.o.
