Senior Penetration Tester

Our mission is to help people integrate technology into everyday life and to enable innovation through technology. We offer software development and infrastructure solutions, with advanced competences in Blockchain, Artificial Intelligence and Machine Learning. All our offices (in Western Europe or nearshore, in CEE) are located within the boundaries of the European Union. We believe working in close cooperation with our clients and employees is the key to success; this means we offer people the best working environment in order to achieve the best results. We love entrepreneurial spirits and encourage people around us to be proactive and make the best decisions not only for business, but for their own personal development. Our nearshore Romanian offices are in Bucharest (Victoriei Square) and Iasi (Palace) and, with over 9000 team members at group level, we make sure we are always close to our customers.

What you will be working on:

As a Senior Penetration Tester, you will join the Offensive Security team to proactively assess and strengthen the security posture of client's products, infrastructure, and emerging technologies (including AI/GenAI). You will lead and execute advanced technical engagements, mentor others, and help shape the security assurance strategy in response to today's rapidly evolving threat landscape.

What you will do:

• Lead and execute highly technical penetration tests and security assurance engagements (web, API, mobile, infrastructure, cloud, and AI/GenAI applications) with minimal supervision.
• Design new testing techniques and adapt industry best practices to client's technical and cultural environment, including automation and CI/CD integration.
• Integrate threat modeling into the SDLC and proactively map attack paths for critical systems.
• Stay current with the latest vulnerabilities, threat actor TTPs, and threat intelligence relevant to the client's sectors.
• Provide actionable remediation guidance and communicate technical findings to both technical and non-technical stakeholders, up to CISO/CSO level.
• Mentor and train junior penetration testers and non-security technical staff to scale security impact across the organization.
• Manage and optimize the use of external vendors for penetration testing, ensuring value and ROI.
• Support incident investigations with offensive security testing as needed.
• Contribute to the mid- and long-term security assurance strategy, including threat landscape reporting and continuous improvement of testing methodologies.

Requirements:

• 5+ years of hands-on experience in offensive security testing and engagement management.
• Expert-level skills in web application/API, infrastructure, and cloud penetration testing (AWS, GCP, Azure).
• Experience with threat modeling methodologies (e.g., STRIDE, PASTA) and integrating security into SDLC/CI-CD pipelines.
• Strong knowledge of current vulnerabilities, exploitation techniques (RCE, buffer overflows, privilege escalation, etc.), and attacker TTPs.
• Familiarity with security testing for AI/GenAI applications and cloud-native environments is highly desirable.
• Proficiency with offensive security tools (BurpSuite, Kali Linux, etc.) and scripting languages (Python, Bash, PowerShell, Ruby).
• Excellent communication and stakeholder management skills.
• Ability to design, manage, and maintain penetration testing labs/infrastructure.
• Analytical, organized, and able to work independently and as part of a multi-disciplinary team.

Nice to have:

• Experience with red/purple team operations and attack path mapping.
• Experience in security consulting, incident response, and threat intelligence.
• Knowledge of regulatory and compliance requirements (PCI, GDPR, etc.) as they relate to penetration testing.

Once on board we offer various programs and benefits:

• 22 working days as Annual Vacation plus 3 additional days off.
• Floating days
• Medical Insurance at Signal Iduna.
• Benefit Online platform access, with a 690 RON monthly allowance from which you can choose to invest in different wellbeing, financial or retail packages.
• Financial support for the birth of your child or unhappy events.
• Learning and development opportunities - allocated budget for certifications and/or trainings.