Conduct hands-on security assessments of web applications, APIs, and infrastructure. Develop proof-of-concept exploits and provide step-by-step reproduction steps. Collaborate with the Lead Tester on quality assurance and peer review processes.
Job Description
We are looking for Senior Pentesters: technical specialists who execute hands-on security assessments of web applications, APIs, and supporting infrastructure.
What you will do
- Conduct grey-box penetration testing across all OWASP ASVS categories (authentication, session management, input validation, cryptography, etc.);
- Perform testing in isolated environments;
- Document all findings in real-time;
- Develop proof-of-concept exploits and provide step-by-step reproduction steps;
- Conduct retesting of previously identified vulnerabilities after fixes are implemented;
- Participate in planning and scoping discussions;
- Review asset documentation, technical specifications, and source code (when provided);
- Write clear, structured technical findings in English suitable for both technical and executive audiences;
- Comply with our partner's Rules of Engagement (ROE) and security protocols;
- Report Critical vulnerabilities immediately and High vulnerabilities within 24 hours;
- Collaborate with the Lead Tester on quality assurance and peer review processes.
What you must bring
- Experience: minimum of 3 years conducting web application penetration testing;
- Familiarity with OWASP ASVS, OWASP Top 10, and secure coding principles;
- Strong written and verbal English skills for technical reporting;
- Certifications: OSWE, GWAPT, GXPN, CEH, or equivalent are considered assets but not mandatory.
- Proficiency with industry-standard penetration testing tools:
  - Web Application: Burp Suite Pro, OWASP ZAP, SQLMap, Nikto;
  - Network/Infrastructure: Nmap, Metasploit, Wireshark;
  - Custom Tooling: Ability to develop scripts (Python, Bash) for specialized testing;
- Experience conducting authenticated testing (using provided credentials);
- Ability to perform code-assisted assessments when source code is available;
- Strong analytical skills to identify root causes and assess business impact;
- Experience testing large-scale, multi-tier, or cloud-hosted environments.
What we offer
- Direct employment contract with the client;
- 100% remote work model.