We are looking for Senior Pentesters as technical specialists who execute hands-on security assessments of web applications, APIs, and supporting infrastructure.

What you will do
- Conduct grey-box penetration testing across all OWASP ASVS categories (authentication, session management, input validation, cryptography, etc.);
- Perform testing in isolated environments;
- Document all findings in real-time;
- Develop proof-of-concept exploits and provide step-by-step reproduction steps;
- Conduct retesting of previously identified vulnerabilities after implemented fixes;
- Participate in planning and scoping discussions;
- Review asset documentation, technical specifications, and source code (when provided);
- Write clear, structured technical findings in English suitable for both technical and executive audiences;
- Comply with our partner's Rules of Engagement (ROE) and security protocols;
- Report Critical vulnerabilities immediately and High vulnerabilities within 24 hours;
- Collaborate with the Lead Tester on quality assurance and peer review processes.

What you must bring
- Experience: minimum 3 years conducting web application penetration testing;
- Familiarity with OWASP ASVS, OWASP Top 10, and secure coding principles;
- Strong written and verbal English skills for technical reporting;
- Certifications: OSWE, GWAPT, GXPN, CEH, or equivalent are considered assets but not mandatory;
- Proficiency with industry-standard penetration testing tools:
  - Web Application: Burp Suite Pro, OWASP ZAP, SQLMap, Nikto;
  - Network/Infrastructure: Nmap, Metasploit, Wireshark;
  - Custom Tooling: Ability to develop scripts (Python, Bash) for specialized testing;
- Experience conducting authenticated testing (using provided credentials);
- Ability to perform code-assisted assessments when source code is available;
- Strong analytical skills to identify root causes and assess business impact;
- Experience testing large-scale, multi-tier, or cloud-hosted environments.

What we offer
- Direct employment contract with the client;
- 100% remote work model.