Senior Security Engineer – Penetration Testing SELISE Group

  • Industry: Other
  • Category: Web & Application Development
  • Location: Kathmandu, Nepal
  • Expiry date: Apr 26, 2026 (6 days left)
Job Description

What You Will Do

  • You plan and execute authorized penetration tests for web applications, mobile applications (iOS/Android), APIs (REST, GraphQL), and backend services.
  • You perform threat modeling, attack surface analysis, and risk-based scoping to prioritize testing efforts.
  • You identify, safely exploit, and validate vulnerabilities using a mix of automated tools and manual techniques; produce proof-of-concept exploits where appropriate.
  • You maintain and expand a findings knowledge base, test cases, and remediation patterns.
  • You produce clear, technical reports including executive summaries, risk ratings, reproducible steps, PoCs, and prioritized remediation recommendations.
  • You collaborate with development, DevOps, and product teams to explain findings, validate fixes, and advise on secure design and secure coding practices.
  • You integrate repeatable security tests into development pipelines (SAST/DAST) where feasible.
  • You support security reviews, audits, compliance activities, and incident response as needed.
  • You document and deliver internal training, workshops, and knowledge-sharing sessions to raise security awareness.


Who You Are

  • You have 5+ years of hands-on experience performing penetration tests and vulnerability assessments on web applications, mobile apps, and APIs.
  • You have strong practical knowledge of the OWASP Top 10, API security risks, and common exploitation techniques.
  • You have proficiency with penetration testing tools such as Burp Suite, ZAP, Nmap, Metasploit, sqlmap, and API fuzzers.
  • You have experience with mobile application testing: reverse engineering, instrumentation, insecure storage, and platform-specific weaknesses.
  • You have solid scripting and automation skills (Python, Bash, or similar) for custom tooling and automation.
  • You have familiarity with cloud security and container security basics.
  • You have a strong understanding of secure coding practices and the ability to translate findings into developer-friendly remediation steps.
  • You have excellent written and verbal communication skills for technical reporting.
  • You have an analytical mindset, attention to detail, and the ability to prioritize findings by business impact and business aspects.
  • You will demonstrate the ability to guide, support and collaborate with SOC analysts while fostering a team-oriented culture.
  • You will show potential to step into a people-led role by contributing to process design, mentoring junior team members and driving team accountability.


Nice to Have

  • You have relevant certifications.
  • You have 2+ years of experience developing REST/GraphQL APIs and web applications.
  • You have relevant experience in a similar position.
  • You have past vulnerability discoveries and remediation.


What You Can Expect

  • A competitive salary and growth-oriented career path.
  • A collaborative environment with supportive peers, mentors, and a strong engineering culture.
  • Opportunities to participate in innovation initiatives, architecture discussions, and technical leadership.
  • Continuous learning through training, knowledge sharing, and hands-on challenges.
  • Team-building events and recreational activities.
  • Plenty of scope to experiment, innovate, and make a real impact.
