Ethical Hacker / Penetration Tester

Project Context

Our client is building and maintaining software systems where reliability, data protection, and secure user flows are critical. The QA function is not limited to checking whether features work as expected. The team also needs someone who can actively challenge the system, identify weak points, verify security assumptions, and help prevent vulnerabilities before they reach production.

We are looking for an Ethical Hacker / Penetration Tester who can work closely with QA (or as a part time QA), engineering, and product teams to test web applications, APIs, authentication flows, permissions, infrastructure exposure, and overall application security.

This is a hands-on role. The main expectation is to find real risks, reproduce them clearly, document them properly, and help the engineering team validate that fixes are effective.

Role

We are looking for a Security QA Engineer / Ethical Hacker / Penetration Tester who will take ownership of security testing across application, API, and platform layers.

This person should be comfortable working as part of a QA-oriented delivery process while bringing deeper security expertise into the team. The role requires practical knowledge of penetration testing, vulnerability assessment, secure testing methods, and clear communication with developers.

Key Responsibilities

• Perform manual security testing of web applications, APIs, user flows, and admin panels.
• Conduct penetration testing against staging and production-like environments.
• Identify, reproduce, document, and validate security vulnerabilities.
• Test authentication, authorization, permissions, session management, password flows, and access-control logic.
• Review API endpoints for broken access control, injection risks, data exposure, rate-limit issues, and insecure design.
• Validate security fixes and perform regression security testing.
• Work with QA engineers to include security checks in the regular testing process.
• Prepare clear reports with reproduction steps, evidence, severity, impact, and recommended remediation.
• Collaborate with developers to explain vulnerabilities and verify that fixes address the real issue.
• Support threat modeling and security review of new features when needed.
• Help improve security awareness and testing standards inside the team.

Required Experience

• 3+ years of experience in penetration testing, application security, security QA, or ethical hacking.
• Strong understanding of OWASP Top 10 and common web application vulnerabilities.
• Experience testing REST APIs and web-based systems.
• Practical experience with authentication and authorization testing.
• Ability to discover, reproduce, and explain vulnerabilities clearly.
• Experience using security testing tools such as Burp Suite, OWASP ZAP, Nmap, Wireshark, Metasploit, or similar.
• Understanding of HTTP, HTTPS, cookies, headers, sessions, JWT, OAuth2, MFA, and role-based access control.
• Ability to write simple scripts or proof-of-concept checks when needed, preferably in Python.
• Strong documentation skills and ability to produce actionable vulnerability reports.
• Good communication skills and ability to work directly with engineering and QA teams.
• Upper-intermediate or better English for written and spoken communication.

Nice to Have

• Experience with cloud security testing, especially AWS, Azure, or GCP.
• Experience with Docker, Kubernetes, CI/CD pipelines, and infrastructure security basics.
• Experience with mobile application security testing.
• Experience with secure code review.
• Experience with SAST, DAST, dependency scanning, and security automation.
• Bug bounty experience or responsible disclosure background.
• Security certifications such as OSCP, PNPT, eJPT, CEH, GWAPT, or similar.
• Experience working in product teams rather than only external consulting environments.

What Success Looks Like

• Security issues are found early and described clearly.
• Developers can reproduce and fix reported vulnerabilities without confusion.
• QA coverage becomes stronger because security checks are included in regular delivery.
• Authentication, authorization, and API risks are actively tested before release.
• Security findings are prioritized by real impact, not just tool output.
• The team gains practical confidence that critical user flows and sensitive data are protected.