We are looking for Penetration Testers to join our Managed Security Services team and deliver end-to-end penetration testing projects for our clients. This role requires hands-on experience across web and mobile applications, infrastructure environments, and adversary simulation exercises.

Note that candidate must be an Azerbaijani national.

Responsibilities

• Perform web application, API, mobile (iOS/Android), infrastructure, and wireless security testing using black-box, grey-box and white-box approaches
• Execute adversary simulation and attack scenario–based assessments to evaluate real-world security posture
• Identify, exploit, and validate vulnerabilities using a combination of manual techniques and automated tools
• Conduct manual and automated secure code reviews to identify design and implementation weaknesses 
• Develop and present vulnerability walkthroughs, proofs of concept (PoCs), and attack demonstrations
• Produce clear, professional technical and executive-level reports and security presentations
• Communicate findings, risks, and remediation guidance effectively to customer technical teams
• Participate in secure software design discussions and provide security input during customer design and architecture reviews

Requirements

• 2+ years of hands-on penetration testing experience
• Practical experience in web application, mobile application (iOS/Android) and API penetration testing
• Proven ability to conduct infrastructure and network penetration testing in enterprise environments
• Hands-on experience conducting manual and automated secure code reviews to identify design-level and implementation-level security issues
• Experience conducting adversary simulation
• Strong understanding of fundamental networking protocols and architectural concepts
• In-depth knowledge of HTTP, RESTful services, and authentication/authorization models
• Strong skills in various operating systems including Windows, Linux/Unix, macOS, iOS, and Android
• Proficiency in scripting and programming for exploitation, automation, and secure code review activities
• Solid hands-on knowledge of Active Directory environments and common enterprise services
• Excellent documentation and reporting skills with the ability to clearly articulate risk, impact, and remediation guidance 
• At least one hands-on offensive security certification (e.g., OSCP, OSWA, OSEP, OSWE, CPTS, CWES, or equivalent) is required.

Salary: upon the interview

Interested candidates can send their CV to the e-mail address in the Apply for job button by mentioning Penetration Tester in the subject line.