Senior Penetration Tester (IRC289411)

Job Description

• 5+ years of dedicated professional penetration testing experience, with at least 3 years focused on Web and Network environments;
• Bachelor’s degree in Computer Science, Cyber Security, or equivalent practical experience;
• Mastery of the OWASP Top 10 and ASVS, expert-level proficiency with Burp Suite Professional, SQLMap, and directory brute-forcing tools;
• Hands-on experience testing applications hosted on AWS, including identity and access management (IAM) misconfigurations;
• Understanding of containerization (Docker, Kubernetes) and how it impacts the application attack surface;
• Proficiency in Python, Go, or JavaScript for custom exploit development and workflow automation will be a plus.
• Understanding of Healthcare compliance, such as the FDA, will be a huge advantage.

Job Responsibilities

In the role of Senior Pentester - you will be expected to perform the following:

• Perform full-stack penetration tests on complex web applications (SPA, Microservices, GraphQL);
• Conduct static (SAST) and dynamic (DAST) analysis, including reverse engineering, SSL pinning bypass, and root/jailbreak detection evasion;
• Collaborate with engineers to validate fixes and implement long-term defensive controls.
• Develop custom scripts and payloads to automate repetitive tasks and integrate security testing into CI/CD pipelines.

Department/Project Description

Our client is an innovative manufacturer of medical devices in the United States that produces devices and software applications.

In this project, you will have a great opportunity to be involved in the full penetration testing life cycle of medical software, including Web, Mobile, Desktop applications, and APIs, which are intended to help individuals by processing certain information taken from medical devices to identify health trends and to track daily activities.

In addition - there are opportunities to work with medical devices, in the scope of end-to-end testing.