Penetration Testing Specialist

PIN-UP Global is an international holding specializing in the development and implementation of advanced technologies, B2B solutions, and innovative products for the iGaming industry. We provide certification and licensing of our products, providing customers and partners of the holding with high-quality and reliable solutions. 

We are looking for a Senior Penetration Testing Specialist to join our team! 

Requirements: 

Education/Qualifications
– A bachelor's degree or higher in a relevant field would be a plus.
– Certification or equivalent experience in penetration testing (e.g., CEH, OSCP, OSWE).
– Programming/scripting abilities. If you are or have been a software developer/DevOps would be a plus.
– Applied security research – if you have CVE’s, been on hall-of-fame boards, and similar, would be a plus.
 

Experience
– 5 years or more of prior experience in penetration testing and vulnerability assessment.
– Experience in drafting recommendations to mitigate the risks associated with uncovered vulnerabilities and weak spots.
– Proficiency in the gambling industry operations and understanding of affiliate partnerships, casino infrastructure, and provider relationships would be a significant advantage.
 

Skills
– Knowledge of industry best practices and standards such as PTES, NIST SP 800-115, OSSTMM, OWASP Testing Guide, PCI SSC Testing Guide would be a plus.
– Fluent knowledge of the OSI model, TCP/IP stack, and routing.
– Fluent understanding of web technologies (WebSockets, OAuth2, JWT, etc.) and APIs (REST, GraphQL, gRPC, etc.) with the ability to demonstrate expertise in web technology stack.
– Understanding browser security mechanisms such as SOP, CSP, and HSTS.
– Ability to script basic operations for tasks such as parsing and exploiting bugs.
– Excellent communication skills, both written and verbal.
– Strong analytical skills and problem-solving abilities.
– Ability to work collaboratively and independently in a team.
– Deadline-oriented with the capability to manage multiple tasks.
– Cultural adaptability and the ability to work across diverse environments. 

Responsibilities: 

- Utilize proficient skills with tools such as Burp Suite, various extensions, diverse scanners, and nuances of their configurations to conduct penetration testing effectively.

- Demonstrate expertise in a popular web technology stack to review code when necessary.

- Identify, exploit, and address vulnerabilities outlined in OWASP Top 10, employing comprehensive knowledge of detection, exploitation, and remediation.

- Develop and conduct attacks against existing business logic rules and existing weak spots discovered.

- Participate in designing and implementing API-driven integrations between inventory management systems and vulnerability scanners to automate end-to-end vulnerability management, including scanning, risk-based prioritization, and remediation workflows.

- Analyze systems, construct threat models, strategize exploitation scenarios, and identify weak points.

- Understanding of gambling industry operations, including affiliate partnerships, casino infrastructure, and the role of providers to effectively test gaming platforms.

- Draft recommendations for vulnerability remediation tailored to project specifics. 

Why Join Us:

- Flexible remote or hybrid working format based on your location.

- No Time Trackers: We value trust and focus on results.

- Career growth, professional development, and regular performance reviews.
 

Hiring Steps: HR Interview > Technical Interview (no test task) > Reference check > Offer 

Our benefits to you:
🍀Great working atmosphere with a passionate multicultural team of experts and leaders in Development, Engineering, Architecture, Management, Operations, Marketing, fostering a friendly culture and a success-driven mindset
🏖 25+ paid vacation/off days along with paid sick leave
🧑‍💻 Laptop and all necessary equipment provided according to holding standards
💵 Referral program — get the bonus & enjoy cooperation with your colleagues
👨‍⚕ Comprehensive medical insurance for your health and well-being
🦄 Multiple internal activities: including an online platform with quests, gamification, and bonuses. Enjoy PIN-UP Talks Club for movie and book lovers, cozy board game evenings, and special office days dedicated to holidays
🎳 Company events and team-building activities to strengthen connections and foster a positive work environment
📍 Beautiful offices in Kyiv, Warsaw, Limassol, Almaty, and Yerevan — work in comfort and build your network of IT professionals every day
📚 Educational support from our L&D team, including internal and external training sessions, conferences, and courses on platforms like Udemy
🗣 Free internal English courses
🤸‍♀ Sports benefits to help you stay active and energized