Application Security Engineer (Pentester / QA Automation) $$ Offline

Raiffeisen Bank Top Employer Responds Quickly

We are the Product Security team, responsible for the security, reliability, and trust of Raiffeisen Bank’s digital ecosystem.

Our mission is to integrate security at every stage of the software development lifecycle — from design to release — and continuously strengthen the resilience of our services.

We are looking for an Application Security Engineer (Pentester / QA Automation) — a specialist who combines expertise in testing, automation, and software security.

In this role, you will identify, validate, and prevent vulnerabilities in mobile applications, web applications, APIs, and the bank’s cloud infrastructure.

In this role, you will be responsible for conducting comprehensive security assessments of mobile applications, web applications, APIs, and cloud environments to identify vulnerabilities and strengthen defenses.

You will design and execute both manual and automated security tests, integrating them into CI/CD pipelines to ensure continuous security control throughout the product lifecycle, and help implement the Shift-Left Security approach — embedding security early in the development process to identify potential risks before production release.

Your future responsibilities:

  • Perform penetration tests and security assessments of mobile apps, web applications, APIs, and cloud solutions
  • Develop and maintain automated security tests (UI, API), integrating them with GitHub Actions and other CI/CD systems
  • Utilize tools such as OWASP ZAP, Burp Suite, CodeQL, Trivy, Dependabot, etc. to detect vulnerabilities
  • Analyze scan results, prepare detailed reports, and provide actionable remediation recommendations
  • Collaborate with developers to resolve identified vulnerabilities and verify remediations
  • Support DevSecOps initiatives by integrating security checks into build and deployment processes
  • Participate in the design of secure microservice and cloud-native architectures (Docker, Kubernetes)
  • Develop internal checklists, test scenarios, and reusable testing libraries

Your skills and experience:

  • 2+ years of experience in security testing, penetration testing, or QA automation with a security focus
  • Understanding of SDLC/SSDLC and Shift-Left Security principles
  • Hands-on experience testing mobile applications, web apps, APIs, and cloud platforms
  • Knowledge of OWASP Top 10 vulnerabilities and practical skills in identifying them
  • Experience with manual and automated testing — creating test cases and scenarios
  • Practical experience with DAST/SAST/SCA tools (OWASP ZAP, Burp Suite, CodeQL, Trivy, etc.)
  • Knowledge of Git and experience integrating security tests into CI/CD pipelines (GitHub Actions)
  • Basic programming skills in Python, JavaScript, or Java
  • Understanding of network protocols (HTTP, TCP/IP) and authentication mechanisms (OAuth2, JWT, SSO)
  • Experience using Postman / Newman for REST API testing
  • Ability to analyze scan results and prepare clear, analytical reports

Nice to have:

  • Experience with Docker, Kubernetes, Kafka, Vault, Grafana, or other DevOps technologies
  • Knowledge of SQL / NoSQL for injection and data manipulation testing
  • Understanding of Cloud Security principles (AWS IAM, S3, EC2, Lambda, etc.)
  • Experience in creating or maintaining automated security testing frameworks
  • Participation in bug bounty programs, CTF competitions, or personal security research
  • Development of custom checklists, scripts, or testing scenarios for security verification
  • Familiarity with DevSecOps practices and security automation approaches
  • Strong communication skills and the ability to collaborate effectively with development, QA, and security teams

We offer what matters most to you:

  • Competitive salary: we guarantee a stable income and annual bonuses for your personal contribution. Additionally, we have a referral program with rewards for bringing in new colleagues to Raiffeisen Bank
  • Social package: official employment, 28 days of paid leave, additional paternity leave, and financial assistance for parents with newborns
  • Comfortable working conditions: possibility of a hybrid work format, offices equipped with shelters and generators, modern equipment
  • Wellbeing program: all employees have access to medical insurance from the first working day; consultations with a psychologist, nutritionist, or lawyer; discount programs for sports and purchases; family days for children and adults; in-office massages
  • Training and development: access to over 130 online training resources; corporate training programs in CX, Data, IT Security, Leadership, Agile. Corporate library and English lessons
  • Great team: our colleagues form a community where curiosity, talent, and innovation are welcome. We support each other, learn together, and grow. You can find like-minded individuals in over 15 professional communities, reading clubs, or sports clubs
  • Career opportunities: we encourage advancement within the bank across functions
  • Innovations and technologies: Infrastructure: AWS, Kubernetes, Docker, GitHub, GitHub Actions, ArgoCD, Prometheus, Victoria, Vault, OpenTelemetry, ElasticSearch, Crossplane, Grafana. Languages: Java (main), Python (data), Go (infra, security), Swift (iOS), Kotlin (Android). Data stores: Sql-Oracle, PgSql, MsSql, Sybase. Data management: Kafka, Airflow, Spark, Flink
  • Support program for defenders: we maintain jobs and pay average wages to mobilized individuals. For veterans, we have a support program and develop the Bank’s veterans community. We work on increasing awareness among leaders and teams about the return of veterans to civilian life. Raiffeisen Bank has been recognized as one of the best employers for veterans by Forbes

Why Raiffeisen Bank?

  • Our main value is people, and we support and recognize them, educate them and involve them in changes. Join Raif’s team because for us YOU matter!
  • One of the largest lenders to the economy and agricultural business among private banks
  • Recognized as the best employer by EY, Forbes, Randstad, Franklin Covey, and Delo.UA
  • The largest humanitarian aid donor among banks (Ukrainian Red Cross, UNITED24, Superhumans, СМІЛИВІ)
  • One of the largest IT product teams among the country’s banks
  • One of the largest taxpayers in Ukraine; 6.6 billion UAH were paid in taxes in 2023

Opportunities for Everyone:

  • Raif is guided by principles that focus on people and their development, with 5,500 employees and more than 2.7 million customers at the center of attention
  • We support the principles of diversity, equality and inclusiveness
  • We are open to hiring veterans and people with disabilities and are ready to adapt the work environment to your special needs
  • We cooperate with students and older people, creating conditions for growth at any career stage

 

Required languages

English B1 - Intermediate

The job ad is no longer active
