Penetration Tester

Summary

Andersen is hiring a Penetration Tester to strengthen application and infrastructure security across international digital projects.

Andersen is a pre-IPO software development company providing a full cycle of services. For over 19 years, we have been helping enterprises and middle-sized firms worldwide transform their businesses by creating effective digital solutions using innovative technologies.

Today, we are working with organizations from various parts of the world, including North America, Western Europe, Israel, Australia, and the UAE. Our expertise covers FinTech, Healthcare, Retail, Telecom, Media & Entertainment, Logistics, Travel & Hospitality, eCommerce, and other industries.

Responsibilities

• Conducting and facilitating customer workshops.
• Communicating with leads and stakeholders during pre-sales calls.
• Gathering and analyzing business and technical requirements.
• Preparing scope estimations for commercial proposals, including ballpark and detailed estimations.
• Performing penetration tests of web servers, web applications, and internal infrastructure.
• Managing the application security program, including the implementation of SSDLC for a highly dynamic and extensive engineering team.
• Managing internal bug bounty program, validating and triaging findings, following up on remediation guidelines.
• Reviewing the IaC codebases for security misconfigurations and weaknesses, as well as securing GitOps CI/CD pipelines.
• Integrating and tuning SAST/DAST tools (CodeQL, SonarQube, Burp Enterprise) to optimize build performance and vulnerability detection.
• Securing cloud-native infrastructure (Azure, AWS) and Kubernetes clusters through custom policies and runtime protection.
• Implementing security best practices for Linux and Windows servers as part of the hardening process.
• Administering networking hardware and firewalls (Cisco ASA, pfSense) with security best practices in mind.
• Supporting the development and implementation of information security policies across an extensive, nation-spanning digital infrastructure.
• Assisting in the implementation of security solutions such as NGFW, EDR, IDS/IPS.
• Shadowing penetration tests conducted by senior testers.
• Performing tasks, such as information gathering, vulnerability analysis, and report writing.
• Performing security audits on network devices to assure conformity to security best practices.

Requirements

• Strong hands-on experience in Application Security / Penetration Testing for 2+ years.
• Deep expertise in web application penetration testing and vulnerability assessment.
• Experience securing cloud-native environments (AWS and/or Azure).
• Practical knowledge of SSDLC implementation and secure development practices.
• Experience reviewing and securing CI/CD and GitOps pipelines.
• Strong understanding of IaC security (Terraform, Ansible, infrastructure code reviews).
• Experience with Kubernetes/container security.
• Hands-on experience with security tooling such as Burp Suite, Metasploit, Trivy, Falco, SAST/DAST tools.
• Strong networking and infrastructure security knowledge (TCP/IP, firewalls, routing, switching).
• Experience performing infrastructure/network penetration testing.
• Strong Linux and Windows security hardening knowledge.
• Scripting skills (Python, Bash, PowerShell).
• Experience writing technical security reports and communicating findings to engineering/business stakeholders.
• Experience working directly with developers to remediate vulnerabilities.
• Understanding of security standards/compliance frameworks (SOC2, ISO27001, etc.).
• Ability to work independently in a self-managed environment.
• Level of English – Upper-Intermediate and above.

Desired skills

• OSCP certification.
• Experience with bug bounty programs.
• Experience with threat modeling exercises.
• Knowledge of Active Directory security and common exploitation techniques.
• Experience with VMware/vSphere or virtualization technologies.
• Experience building or improving security logging/monitoring infrastructure.
• Experience defining or implementing enterprise security policies.
• Experience with blue team / defensive security activities.
• Exposure to large-scale enterprise environments.
• Experience working in product companies rather than only outsourcing/consulting.
• Experience securing high-load or data-intensive applications.
• Familiarity with DevSecOps practices and security automation.
• Previous mentoring or technical leadership experience.
• Experience coordinating with cross-functional stakeholders and engineering teams.

Reasons to join us

• Experience in teamwork with leaders in FinTech, Healthcare, Retail, Telecom, and others. Andersen cooperates with such businesses as Samsung, Siemens, Johnson & Johnson, BNP Paribas, Ryanair, Mercedes, TUI, Verivox, Allianz, T-Systems, etc..
• The opportunity to change the project and/or develop expertise in an interesting business domain.
• Job conditions – you can work both fully remotely and from the office or can choose a hybrid variant.
• Guarantee of professional, financial, and career growth! The company has introduced systems of mentoring and adaptation for each new employee.
• The opportunity to earn up to an additional 1,000 USD per month, depending on the level of expertise, which will be included in the annual bonus, by participating in the company's activities.
• Access to the corporate training portal, where the entire knowledge base of the company is collected and which is constantly updated.
• Bright corporate life (parties / pizza days / PlayStation / fruits / coffee / snacks / movies).
• Certification compensation (AWS, PMP, etc).
• Referral program.
• English courses.
• Private health insurance and compensation for sports activities.

Join us!

Lokalizacje

Worldwide