Company description:

HRO Digital is a specialist traditional recruitment business. HRO Digital is a brand of Verita HR Polska.
Verita HR Polska is a Human Resources service provider operating under number 5694.
We are working as a recruitment provider searching on our Client's behalf for a person in the following role:

Senior Penetration Tester


- Perform highly technical/analytical security assessments of custom mobile applications, broadly defined infrastructure and networks, web services and APIs. This covers manual penetration testing, source code and configuration review.
- Clearly and professionally document root cause and risk analysis of all findings.
- Adhere to the security testing process and raise any gaps or opportunities for improvement with the manager.
- Work closely with the DevOps teams to ensure that the security testing requirements are met and help automate repetitive tasks.
- Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks
- Code and demonstrate basic proof-of-concept exploits of vulnerabilities when required.
- Assist with coordination of security testing projects according to a structured process, including writing test plans, test cases and test reports.
- Advise on vulnerability remediation, control implementation and secure development practices
- Assess product release risk and complexity and identify potential misuse scenarios through review of business requirements and design specifications
- Assist with tracking, remediation, and risk acceptance for identified security vulnerabilities.
- Assist in planning, test execution and vulnerability mitigation
- Ensure that company security policies are implemented, enforced, and enhanced when appropriate
- Participate in team discussions to formulate new or enhance existing processes and standards
- Assist in security incident response activities
- Adhere strictly to compliance and operational risk controls in accordance with company and regulatory standards, policies and practices, report control weaknesses, compliance breaches and operational loss events
- Run evaluations of new security testing technologies and provide recommendations.
- Monitor security industry information sources and keep abreast of events, research, and developments.
- Identify opportunities to improve our processes, quality of the work and efficiencies.
- Mentor junior team members


- Strong written and verbal communication skills in English, which is used for all formal communication.
- Critical thinking ability to formulate and clearly articulate identified issues and their consequences.
- Ability to comfortably hold a conversation on cyber security aspects with both technical and non-technical audiences.
- Maintain a wide breadth of penetration testing and/or leadership management skills to a significant degree of depth.
- Understand the business context/significance of technical penetration testing findings.
- Consistently output superior quality of deliverables.
- Possess an entrepreneurial attitude to excel in loosely defined scenarios.
- Ability to work independently or lead any size team of penetration testers.
- Time management skills and self-discipline.
- Be a subject matter expert in at least 1 penetration testing domain (i.e. infrastructure/apps/mobile).
- Demonstrated ability to solve complex technical problems.

The ideal candidate for this position will have:
- At least 5 years of prior demonstrable hands-on experience in penetration testing.
- Solid understanding of the platform security models for iOS and Android platforms.
- Excellent understanding of platform-specific security risks, common vulnerabilities for mobile applications, common risks in financial applications.
- Practical knowledge of penetration testing of broadly defined infrastructure, web and mobile technologies, using manual and automated testing methods.
- Excellent TCP/IP knowledge and understanding of security implications/issues.
- Strong web application testing experience.
- Proven programming/scripting skills.

The offer:

- Contact with top IT technologies available in the market
- Employee benefits: Multisport Card, private medical and dental health care, life insurance
- Free parking space for our employees – a few minutes from the office
- Internal training events and workshops
- Realistic career progression opportunities in an international organization
- Casual dress code
- Cultural exchange