Offer summary

Qualifications:

6-10 years of experience in Security Engineering or Penetration Testing., Relevant certifications in ethical hacking or security engineering are desirable., Proficient in identifying vulnerabilities in web applications and infrastructure., Strong programming skills in languages like Python or JavaScript..

Key responsabilities:

Conduct vulnerability assessments and penetration tests on web applications and infrastructure.

Simulate attacker methods to assess real-world risks and develop exploitation scenarios.

Collaborate with engineering teams to prioritize and remediate vulnerabilities.

Document security findings for both technical and non-technical audiences.

Job description

Skills:
Statistical Analysis, Python Programming, Cybersecurity, infrastructure security, penetration testing, vulnerability,

We looking for a skilled Security Engineer with expertise in securing web and mobile applications, as well as identifying vulnerabilities across both application and infrastructure layers. This role is perfect for someone with a hacker mindset who enjoys uncovering vulnerabilities in web applications, APIs, and infrastructure. The ideal candidate is proactive, self-motivated, and committed to enhancing the security of our platforms by identifying and addressing vulnerabilities.

Responsibilities

Conduct in-depth vulnerability assessments and penetration tests on web applications, APIs, infrastructure, and cloud environments to identify high-risk vulnerabilities.
Simulate attacker methods on both our applications and infrastructure to expose and assess real-world risks, developing realistic exploitation scenarios.
Collaborate closely with engineering teams to prioritize and remediate vulnerabilities in both application and infrastructure components.
Provide actionable recommendations for improving application and infrastructure security and assist teams in implementing these enhancements.
Stay current on the latest security threats, vulnerabilities, and attack vectors across application and infrastructure domains.
Develop secure coding, configuration, and deployment practices across both applications and infrastructure.

Document security findings clearly, ensuring that both technical and non-technical audiences understand the issues and solutions.

Skills & Qualifications

Experience: 6-10 years in a Security Engineer, Penetration Tester, or similar role focused on both application and infrastructure security.
Certifications: Relevant certifications in ethical hacking, penetration testing, or security engineering are highly desirable.
Technical Expertise: Proficient in identifying and exploiting vulnerabilities across web applications and infrastructure, including common attack vectors such as SQL Injection, Cross-Site Scripting (XSS), insecure configurations, and network misconfigurations.
Programming & Scripting: Proficiency in at least one programming or scripting language (e.g., Python, JavaScript, Bash, or PHP).
Tools: Experience with security tools for both applications and infrastructure, including Burp Suite, Metasploit, Nmap, AWS Security Hub, and similar tools for cloud and network security.
Cloud & Infrastructure Knowledge: Familiarity with security best practices for AWS and container security (e.g., Docker, Kubernetes).
Self-Starter: Highly self-motivated, thrives on independent research, and continuously seeks out new challenges.
Team Impact: Effective communication and collaboration skills, with a strong ability to advocate for security and influence cross-functional teams.
Preferred Requirements:
Regular engagement in bug bounty programs or responsible disclosure programs in personal time, with proven success in reporting vulnerabilities.
Experience in securing infrastructure environments, cloud networks, and virtualized systems.
A track record of independent security projects and active participation in security communities.
Passion for fostering a proactive security culture across both application and infrastructure teams.

Required profile