Conduct security assessments on web applications, APIs, and LLM-based components. Identify, validate, and document vulnerabilities. Collaborate with engineering teams to integrate findings into development workflows.
Job Description
Company Description
Bright Security delivers an enterprise-grade, developer-centric DAST platform that helps organizations identify and remediate vulnerabilities early and continuously in the SDLC. The platform is widely used for security testing of web applications, APIs, business logic, and LLM-based solutions. By integrating security testing into development workflows, Bright enables teams to ship secure software faster and with fewer production issues. Organizations that adopt Bright typically see vulnerability resolution times accelerated by up to 10x. The company focuses on empowering both security and engineering teams to collaborate effectively on application security.
Role Description
This is a full-time, remote role for a Penetration Tester at Bright. The Penetration Tester will plan and execute security assessments on web applications, APIs, business logic, and LLM-based components, using both manual and automated techniques. This role includes identifying, validating, and documenting vulnerabilities, reproducing issues in collaboration with engineering, and recommending practical remediation steps. The Penetration Tester will work closely with product, development, and security teams to integrate findings into Bright’s dev-centric workflows and to enhance the DAST platform’s testing capabilities. Day-to-day responsibilities also include creating and maintaining test methodologies, contributing to security tooling, participating in red team exercises, and staying current with emerging threats and exploitation techniques.
Qualifications
- Strong application security skills, including secure coding concepts, common web and API vulnerabilities (e.g., OWASP Top 10), and practical experience exploiting them.
- Hands-on experience with penetration testing, red teaming, and offensive security methodologies, including scoping, execution, and reporting.
- Proficiency in reverse engineering and malware analysis to understand exploit behavior, payloads, and evasion techniques.
- Solid cybersecurity fundamentals, including network security, operating system internals, authentication/authorization, and encryption basics.
- Familiarity with DAST, SAST, and other application security tools; experience integrating security testing into CI/CD pipelines is a plus.
- Ability to write clear, actionable technical reports and communicate risk and remediation guidance to both technical and non-technical stakeholders.
- Experience with scripting or programming languages (e.g., Python, JavaScript, or similar) to develop custom tools, PoCs, and automation.
- Relevant certifications (e.g., OSCP, OSWE, GWAPT, GPEN) are beneficial but not required; equivalent hands-on experience is highly valued.
- Comfort working independently in a remote, distributed team environment and collaborating across time zones.