* 3-5 years of hands-on experience in cybersecurity, with a focus on penetration testing.
* Strong understanding of the OWASP Top 10 and practical experience exploiting them in real-world applications.
* Experience testing REST and GraphQL APIs.
* Proven experience performing manual exploitation (not just tool-based scanning).
* Experience testing cloud-hosted applications and infrastructure (AWS, OCI and Azure).
* Knowledge of modern authentication (OAuth, JWT, SSO, SAML).
* AI/LLM security (preferred, not mandatory)
  * Experience testing AI/LLM-powered features.
  * Knowledge of prompt injection, jailbreaks, RAG attacks, model extraction, data leakage vectors.
* Tools & methodologies
  * Proficiency with:
    * Burp Suite Pro
    * Nmap
    * Nikto
    * sqlmap
    * SAST/DAST tools (optional)
  * Ability to leverage AI/Copilot tools in daily workflow (payload generation, code review, exploit crafting).
* Soft skills
  * Strong analytical and problem-solving skills.
  * Ability to work independently and in a fast-paced red team environment.
  * Excellent written and verbal communication skills.
  * Curiosity-driven mindset with a passion for offensive security.
* Preferred certifications (nice to have)
  * Cloud certifications (Azure AZ-500, AWS Security Specialty)
* We are building a dedicated red team to strengthen the security of our SaaS platform. As a penetration tester, you will conduct internal offensive security assessments across our web applications, APIs, cloud environments, and emerging AI/LLM-based features. You will identify, exploit, and document vulnerabilities to help the organization stay ahead of modern adversaries.
* This is a hands-on technical role for someone who enjoys breaking things ethically, understanding how they work under the hood, and working closely with engineering and security teams to drive remediation.
Hiring requirements
* What a day in the life looks like:
  * Conduct in-depth penetration tests on web applications, APIs, microservices, and internal SaaS components.
  * Perform manual vulnerability discovery and exploitation following OWASP methodologies.
  * Simulate adversarial attack scenarios and participate in red team exercises.
  * Conduct cloud-focused penetration tests and configuration reviews (AWS, OCI and Azure).
  * Test LLM/AI features for prompt injection, jailbreaking, data leakage, model manipulation, and other emerging threats.
  * Develop custom proof-of-concept exploits where applicable.
  * Work closely with engineering and product teams to provide clear remediation guidance.
* Security automation & tools - mandatory
  * Use and customize security testing tools (Burp Suite, ZAP, Nmap, sqlmap, etc.).
  * Develop scripts or small tools for automation or exploitation (Python, Bash, PowerShell, etc.).
  * Effectively use AI tools (Microsoft Copilot, Claude, etc.) to accelerate testing, generate payloads, summarize findings, and produce documentation.
* Documentation & reporting
  * Create clear, detailed technical reports with reproduction steps and exploit evidence.
  * Present findings to technical and leadership teams.
  * Contribute to threat models and risk assessments.