Company description:

HRO Digital is a specialist traditional recruitment business. HRO Digital is a brand of Verita HR Polska.
Verita HR Polska is a Human Resources service provider operating under number 5694.
We are working as a recruitment provider searching on our Client's behalf for a person in the following role:

Senior Penetration Tester

Responsibilities:

Do you want to work for one of the world’s largest global banks? Want to be part of its exciting digital transformation? Do you want to engineer incredible products for millions of customers?
Well, our Client offers just that ☺︎ It's a leader in the digital transformation of banking services, and Cracow is one of the most important technological centers - the majority of projects are delivered from Poland ☺︎

This role involves providing expertise in Penetration Testing to support broader Cyber Security efforts. The successful candidate will work as part of a global or regional Cybersecurity team, offering guidance, oversight and assurance on security processes, controls, standards and regulatory requirements.

What will you do?
• Lead and manage penetration tests for various technologies
• Conduct technical security assessments of mobile apps, infrastructure, networks, web services and APIs, including manual penetration testing and code review
• Document root causes and risk analysis clearly and professionally
• Follow security testing processes and suggest improvements to the manager
• Collaborate with DevOps teams to meet security testing requirements and automate tasks
• Apply testing methods to business functions and relevant risks
• Create basic proof-of-concept exploits for vulnerabilities when needed
• Guide penetration tests and results to ensure the bank stays within acceptable risk levels
• Act as a cybersecurity technical expert in both internal and external discussions
• Improve the quality and efficiency of cybersecurity services in line with broader strategies
• Follow the three lines of defence model, ensuring clear responsibilities and duties
• Ensure compliance with internal audits and external regulations, making sure changes are appropriate
• Work with stakeholders to enhance the cybersecurity strategy, protecting the bank's technology and values
• Supervise, guide and mentor less experienced team members

A successful candidate will ensure the security of the company's applications by identifying vulnerabilities, suggesting controls, guiding risk reduction and working directly with engineering, management teams, business owners and global tech groups.

Requirements:

• At least 5 years of hands-on experience in penetration testing
• Strong understanding of security models for iOS and Android platforms
• Excellent knowledge of platform-specific security risks, common vulnerabilities in mobile applications, and risks in financial applications
• Practical experience in penetration testing of infrastructure and web technologies using both manual and automated methods
• Excellent knowledge of TCP/IP and related security issues
• Proven programming and scripting skills
• Ability to explain security functionality from the basics
• Ability to adapt and apply knowledge to new scenarios and technologies
• Strong understanding of cryptography in application development

Nice to have:
• Strong understanding of mobile app technologies and protocols (HTML, XML, JavaScript, JSON, REST, Micro-services)
• Knowledge of software development lifecycles, especially DevOps
• Experience with dynamic and static application security testing tools
• Skilled in security code reviews for Java, Objective-C, Swift and Kotlin
• Strong initiative and ability to collaborate with various clients
• Familiarity with mobile security testing frameworks like OWASP MASVS and MSTG
• Knowledge of enterprise application design and common security issues
• Advanced knowledge of security analysis tools and testing techniques for mobile security
• Hands-on experience with SAST, DAST and IAST tools
• Knowledge of security mechanisms like SSL, pinning, biometric authentication, JWT, SAML, RASP, and OAuth2

The offer:

• Prestigious position at one of the world's largest banks
• Competitive salary with a B2B contract
• Remote work (Poland based) and flexible working hours
• Working with cutting-edge IT technologies
• Personal growth and development opportunities within the organization
• Private healthcare coverage and multisport card
• Referral program and company events
• Convenient parking, relaxation and game rooms, bicycle racks and showers for cyclists

Recruitment process:
One online meeting with hiring managers, followed by an initial phone screening with our recruiter.