➡️ Apply here: Senior Security Penetration Tester
👩💼 Want to stand out? Improve your resume to appeal to recruiters, hiring managers, and Applicant Tracking Systems. ➡️ Improve your resume
POSITION OVERVIEWWe are seeking a highly skilled and analytical Senior Security Penetration Tester to join our Cyber Security project in Georgia. This is not a checklist-based role; we are looking for a dedicated security professional who possesses an “adversarial mindset.” The successful candidate will go beyond automated scanning to perform deep-dive manual exploitation, identifying complex logic flaws and architectural weaknesses that automated tools often overlook.
KEY RESPONSIBILITIES
Full-Spectrum Penetration Testing: Execute comprehensive security assessments across diverse environments, including Web Applications, Mobile Platforms (iOS/Android), Cloud Infrastructure (AWS/GCP), and internal corporate networks.
Deep-Dive API & IAM Analysis: Perform rigorous testing on the “backbone” of our digital services, focusing on API security, authentication protocols, and Identity & Access Management (IAM) to prevent unauthorized privilege escalation.
Vulnerability Chaining & Impact Analysis: Correlate disparate vulnerabilities to build comprehensive attack scenarios. Demonstrate the potential business impact of findings through clear, reproducible Proof of Concepts (PoC).
Strategic Remediation & Reporting: Deliver high-quality technical reports for both technical and executive audiences. Provide actionable, risk-based remediation guidance to development teams to strengthen the organizational security posture.
Security Research: Stay abreast of the latest threat actor TTPs (Tactics, Techniques, and Procedures) and integrate new exploitation methods into the testing lifecycle.
DESIRED QUALIFICATIONS (NICE-TO-HAVE)
Specialized Domain Knowledge: Previous experience in Game Security (including client/server architecture and anti-cheat systems) is highly regarded.
Professional Certifications: Holding industry-recognized certifications such as – OffSec: OSWE, OSCP, or OSEP and/or HTB/TCM: CWES, CWEE, PWPE, or PMPA.
Specialized: CMSE (Cloud), ASCP (API), or GIAC (GMOB, GWAPT, GCPN).
Industry Contributions: Active participation in Bug Bounty programs (HackerOne, Bugcrowd) or a history of discovered and documented CVEs.