Penetration Tester

İş Təsviri

BNB Security Alliance Limited LLC

We are seeking a highly skilled and experienced Senior Penetration Tester to join our cybersecurity team. The ideal candidate will have extensive expertise in identifying vulnerabilities across diverse platforms, developing Proof-of-Concept (PoC) exploits, and delivering comprehensive reports. The candidate will work on a variety of projects, including web applications, API, mobile app, and infrastructure penetration testing. Additionally, the role involves red team exercises, source code reviews, and providing actionable remediation recommendations.

Responsibilities

Conduct advanced penetration tests on Web Applications, APIs, Mobile Applications and Infrastructure using approved tools and best practices
Perform static code analysis, focusing on .NET, Java, and occasionally PHP
Participating in our leading team engagements to simulate real-world attacks
Develop PoC exploits to demonstrate vulnerabilities and their business impact
Prepare detailed reports with findings, risk assessments, and mitigation strategies
Write concise and actionable executive summaries for non-technical stakeholders
Work with development and infrastructure teams to address vulnerabilities and enhance security
Competencies (Soft Skills)

Communication skills
Analytical skills
Detail oriented
Cooperation and Teamwork
Active learning skills
Time management
Problem-solving skills
Positive Attitude
Strong Work Ethic
Personnel specifications

Diploma: Bachelor’s or master’s degree in computer science, Cybersecurity, Information Technology, or a related field.
Experience: 3 years of practical experience as a penetration tester.
Specific areas of expertise:

Requirements:

Extensive experience in penetration testing, covering Web Applications, APIs, Mobile Applications, and Infrastructure
Strong knowledge of OWASP Top 10 and MITER ATT&CK Framework
Experience in red teaming engagements, including adversary simulation and bypassing detection mechanisms
Knowledge of secure coding practices and remediation strategies
Excellent report writing and communication skills to convey technical findings effectively to both technical and non-technical stakeholders
Strong analytical and problem-solving skills to identify and exploit complex vulnerabilities
Ability to work collaboratively with cross-functional teams (development, DevOps, infrastructure) to resolve vulnerabilities
Scripting and programming knowledge (Python, Bash, JavaScript) is a plus
Certifications

Certifications such as OSCP, OSWE, OSEP, CRTL or similar are preferred
Language Skills

Azerbaijani (required)
English (required)
Salary: upon interview