Informacje o stanowisku

Senior Penetration Tester 

Business Area: Cybersecurity Research & Offensive Security
Work Model: Hybrid – 6 days per month from the office in Kraków (preferred) or Warsaw
Contract Type: B2B

Role Overview

We are looking for an experienced Senior Penetration Tester to join a global Cybersecurity team. In this role, you will lead and execute advanced security assessments across web, mobile, infrastructure, and API environments, ensuring high-quality delivery and clear risk articulation to both technical and non-technical stakeholders.

You will act as a subject matter expert (SME), driving penetration testing initiatives, mentoring junior team members, and contributing to the continuous improvement of cybersecurity standards, processes, and tooling.

Key Responsibilities

• Lead and deliver end-to-end penetration tests across:
  • Mobile applications (iOS & Android)
  • Web applications and APIs
  • Infrastructure and network environments
• Perform manual penetration testing, source code reviews, and configuration assessments
• Clearly document findings, including root cause analysis and business risk impact
• Design and demonstrate proof-of-concept exploits when required
• Collaborate with DevOps and engineering teams to:
  • Support remediation efforts
  • Improve secure development practices
  • Automate repetitive security testing tasks
• Assess product release risk and identify potential misuse scenarios
• Track remediation activities and support risk acceptance processes
• Support incident response activities when required
• Evaluate new security testing technologies and recommend improvements
• Monitor security industry developments and emerging threats
• Contribute to process enhancements and quality improvements
• Mentor junior team members and support knowledge sharing

What We Offer

• B2B contract
• Hybrid work model (6 days/month in office – Kraków preferred or Warsaw)
• Private medical care (LuxMed)
• MyBenefit cafeteria platform
• Dedicated support from Contractor Care team

Must-have:

• Minimum 3 years of hands-on penetration testing experience
• Strong web and mobile application testing expertise
• Solid knowledge of iOS and Android security models
• Practical experience with manual and automated security testing
• Strong understanding of TCP/IP and networking security
• Experience with SAST, DAST, IAST tools
• Strong programming/scripting skills
• Ability to explain complex security issues clearly to technical and non-technical audiences
• Excellent English communication skills (written & spoken)
• Ability to work independently or lead penetration testing teams

Technical Knowledge:

• Web technologies: HTML, XML, JavaScript, JSON, REST, Microservices
• Secure SDLC and DevOps environments
• Cryptography fundamentals and secure implementation practices
• Security mechanisms such as SSL/TLS, Certificate Pinning, OAuth2, JWT, SAML, RASP, biometric authentication
• Mobile security standards such as OWASP MASVS & MSTG

Nice to have:

• Code review experience (Java, Kotlin, Swift, Objective-C)
• Experience with cloud-hosted applications
• Reverse engineering or disassembly experience
• Background in secure software development

Certifications are not required but considered a plus.

Senior Penetration Tester 

Business Area: Cybersecurity Research & Offensive Security
Work Model: Hybrid – 6 days per month from the office in Kraków (preferred) or Warsaw
Contract Type: B2B

Role Overview

We are looking for an experienced Senior Penetration Tester to join a global Cybersecurity team. In this role, you will lead and execute advanced security assessments across web, mobile, infrastructure, and API environments, ensuring high-quality delivery and clear risk articulation to both technical and non-technical stakeholders.

You will act as a subject matter expert (SME), driving penetration testing initiatives, mentoring junior team members, and contributing to the continuous improvement of cybersecurity standards, processes, and tooling.

Key Responsibilities

• Lead and deliver end-to-end penetration tests across:
  • Mobile applications (iOS & Android)
  • Web applications and APIs
  • Infrastructure and network environments
• Perform manual penetration testing, source code reviews, and configuration assessments
• Clearly document findings, including root cause analysis and business risk impact
• Design and demonstrate proof-of-concept exploits when required
• Collaborate with DevOps and engineering teams to:
  • Support remediation efforts
  • Improve secure development practices
  • Automate repetitive security testing tasks
• Assess product release risk and identify potential misuse scenarios
• Track remediation activities and support risk acceptance processes
• Support incident response activities when required
• Evaluate new security testing technologies and recommend improvements
• Monitor security industry developments and emerging threats
• Contribute to process enhancements and quality improvements
• Mentor junior team members and support knowledge sharing

What We Offer

• B2B contract
• Hybrid work model (6 days/month in office – Kraków preferred or Warsaw)
• Private medical care (LuxMed)
• MyBenefit cafeteria platform
• Dedicated support from Contractor Care team

Requirements: Testing, iOS, Android, Security, TCP, Networking, SAST, DAST, Communication skills, Web technologies, XML, JavaScript, JSON, REST API, Microservices, SDLC, DevOps, Cryptography, SSL, TLS, SAML, OWASP, Java, Kotlin, Swift, Objective-C, Certifications

Praca Kraków

Tester Kraków

Kraków - Oferty pracy w okolicznych lokalizacjach