Key skills
AWSCloudDNSJavaLinuxMacOSPythonSDLCTCP/IPC#CAILLMRAGLambdaS3IAMCloudWatchAPI GatewayGitCI/CDCommunicationCollaborationOWASPPenetration TestingCloud Security
About this role
Role Overview
- Perform hands-on security testing
- Analyze application behavior
- Review source code
- Identify realistic exploitation scenarios
- Validate security controls across modern architectures
- Work closely with clients and internal teams to deliver high-quality technical assessments and actionable remediation guidance
Requirements
- 4+ years of experience in application security assessments, penetration testing, or offensive security engagements
- Strong understanding of application security fundamentals, modern attack techniques, and common vulnerabilities affecting web applications, APIs, mobile applications, and cloud-native environments
- Hands-on experience testing REST APIs, including authentication/authorization flaws, IDORs, injection vulnerabilities, session management issues, and business logic flaws
- Strength with AWS services and cloud security concepts, including IAM, STS, S3, Lambda, API Gateway, CloudTrail, CloudWatch, and secure communication patterns such as SigV4
- Solid understanding of networking and web fundamentals, including HTTP/HTTPS, TCP/IP, DNS, API communication flows, cookies, headers, and related concepts
- Experience reviewing source code for security issues in Java, C#, and Python applications
- Knowledge of secure coding principles and common risks such as SSRF, insecure deserialization, injection vulnerabilities, sensitive data exposure, and insecure cloud integrations
- Understanding of SDLC, CI/CD pipelines, and secure development practices
- Experience using security assessment and code review tools such as Burp Suite, Semgrep, Git, AWS CLI, and API testing/debugging tools
- Comfortable working across Linux, Windows, and macOS environments
- Experience or strong interest in AI/LLM security, including prompt injection, RAG risks, insecure integrations, excessive permissions, and the OWASP Top 10 for LLM Applications
- Strong written and verbal communication skills, with the ability to deliver clear, actionable findings and communicate technical risks to both technical and executive stakeholders
- Experience following structured testing methodologies, documentation standards, and validation/retesting workflows
- Strong collaboration and interpersonal skills when working with security, engineering, and client teams
- Ability to manage multiple concurrent engagements while maintaining high-quality deliverables and attention to detail
- Curious, adaptable, and professional mindset with a passion for continuous learning and emerging security trends
Tech Stack
- AWS
- Cloud
- DNS
- Java
- Linux
- MacOS
- Python
- SDLC
- TCP/IP
Benefits
- Generous Time Off and Company-Wide Holidays
- Team Events and International Travel Opportunities
- Work From Home Support
- Training Budget
- Saving Fund
- Food Coupons
- Health and Wellbeing programs