94 311
15 366
Technologies-optional : HTML XML Java Script JSON REST about-project : This job role is responsible for providing subject matter expertise in Penetration Testing to support wider Cyber Security efforts and organization. The successful candidate will operate as part of a global/regional team within the Cybersecurity organization to provide expertise, oversight and assurance around security process, controls, standards, and regulatory requirements. responsibilities : Perform highly technical/analytical security assessments of custom mobile applications, widely understood infrastructure and networks, web services and APIs. This covers manual penetration testing, source code and configuration review. Clearly and professionally document root cause and risk analysis of all findings. Adhere to the security testing process and raise any gaps or opportunities for improvement with manager. Work closely with the Dev Ops teams to ensure that the security testing requirements are met and help automate repetitive tasks. Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks. Code and demonstrate basic proof-of-concept exploits of vulnerabilities when required. Assist with coordination of security testing projects according to a structured process, including writing test plans, test cases and test reports. Advise on vulnerability remediation, control implementation and secure development practices. Assess product release risk and complexity and identify potential misuse scenarios through review of business requirements and design specifications. Assist with tracking, remediation, and risk acceptance for identified security vulnerabilities. Assist in planning, test execution and vulnerability mitigation. Ensure that company security policies are implemented, enforced, and enhanced when appropriate. Participate in team discussions to formulate new or enhance existing processes and standards. Assist in security incident response activities. Adhere strictly to compliance and operational risk controls in accordance with company and regulatory standards, policies and practices, report control weaknesses, compliance breaches and operational loss events. Run evaluations of new security testing technologies and provide recommendations. requirements-expected : At least 5 years of prior demonstrable hands-on experience in penetration testing. Solid understanding of the platform security models for i OS and Android platforms. Excellent understanding of platform-specific security risks, common vulnerabilities for mobile applications, common risks in financial applications. Practical knowledge of penetration testing of widely understood infrastructure, web and mobile technologies, using manual and automated testing methods. Excellent TCP/IP knowledge and understanding of security implications/issues. Strong web application testing experience. Proven programming/scripting skills. Ability to explain security functionality from first principles. Ability to adapt and apply information to new scenarios and technologies. Strong understanding of applied use of cryptography in application development. offered : Competitive salary Annual performance-based bonus Additional bonuses for recognition awards Multisport card Private medical care Life insurance One-time reimbursement of home office set-up (up to 800 PLN) Corporate parties & events CSR initiatives Nursery discounts Financial support with trainings and education Social fund Flexible working hours Free parking (Cracow office) benefits : sharing the costs of sports activities private medical care sharing the costs of professional training & courses life insurance remote work opportunities flexible working time integration events corporate sports team doctor’s duty hours in the office retirement pension plan corporate library no dress code coffee / tea parking space for employees leisure zone extra social benefits employee referral program opportunity to obtain permits and licenses charity initiatives family picnics extra leave In-office gym