Senior Penetration Tester
Warszawa
HRO Digital is an international company providing recruitment support within the #Fintech, #Finance and #Banking markets in EMEA. We connect the most innovative organizations with the best people in the market. We conduct systematic market research, which allows our Digital Teams to be a step ahead of the competition.
Do you want to work for one of the world’s largest global banks? Want to be part of its exciting digital transformation? Do you want to engineer incredible products for millions of customers?
Well, our Client offers just that ☺︎ It's a leader in the digital transformation of banking services, and Cracow is one of the most important technological centers - the majority of projects are delivered from Poland ☺︎
This role involves providing expertise in Penetration Testing to support broader Cyber Security efforts. The successful candidate will work as part of a global or regional Cybersecurity team, offering guidance, oversight and assurance on security processes, controls, standards and regulatory requirements.
What will you do?
Lead and manage penetration tests for various technologies
Conduct technical security assessments of mobile apps, infrastructure, networks, web services and APIs, including manual penetration testing and code review
Document root causes and risk analysis clearly and professionally
Follow security testing processes and suggest improvements to the manager
Collaborate with DevOps teams to meet security testing requirements and automate tasks
Apply testing methods to business functions and relevant risks
Create basic proof-of-concept exploits for vulnerabilities when needed
Guide penetration tests and results to ensure the bank stays within acceptable risk levels
Act as a cybersecurity technical expert in both internal and external discussions
Improve the quality and efficiency of cybersecurity services in line with broader strategies
Follow the three lines of defence model, ensuring clear responsibilities and duties
Ensure compliance with internal audits and external regulations, making sure changes are appropriate
Work with stakeholders to enhance the cybersecurity strategy, protecting the bank's technology and values
Supervise, guide and mentor less experienced team members
A successful candidate will ensure the security of the company's applications by identifying vulnerabilities, suggesting controls, guiding risk reduction and working directly with engineering, management teams, business owners and global tech groups.
Requirements:
At least 5 years of hands-on experience in penetration testing
Strong understanding of security models for iOS and Android platforms
Excellent knowledge of platform-specific security risks, common vulnerabilities in mobile applications, and risks in financial applications
Practical experience in penetration testing of infrastructure, web, and mobile technologies using both manual and automated methods
Excellent knowledge of TCP/IP and related security issues
Strong experience in web application testing
Proven programming and scripting skills
Ability to explain security functionality from the basics
Ability to adapt and apply knowledge to new scenarios and technologies
Strong understanding of cryptography in application development
Nice to have:
Strong understanding of mobile app technologies and protocols (HTML, XML, JavaScript, JSON, REST, microservices)
Knowledge of software development lifecycles, especially DevOps
Experience with dynamic and static application security testing tools
Skilled in security code reviews for Java, Objective-C, Swift and Kotlin
Strong initiative and ability to collaborate with various clients
Familiarity with mobile security testing frameworks like OWASP MASVS and MSTG
Knowledge of enterprise application design and common security issues
Advanced knowledge of security analysis tools and testing techniques for mobile security
Hands-on experience with SAST, DAST and IAST tools
Knowledge of security mechanisms like SSL, pinning, biometric authentication, JWT, SAML, RASP, and OAuth2
The offer:
Prestigious position at one of the world's largest banks
Competitive salary with a B2B contract
Remote work (Poland based) and flexible working hours
Working with cutting-edge IT technologies
Personal growth and development opportunities within the organization
Private healthcare coverage and multisport card
Referral program and company events
Convenient parking, relaxation and game rooms, bicycle racks and showers for cyclists
Our online recruitment process consists of two meetings with hiring managers, followed by an initial phone screening with our recruiter.