We’re looking for a proactive and hands-on Penetration Tester who goes beyond red teaming and static reporting. In this role, you'll be embedded within our Agile development teams, working side-by-side with developers, architects, and DevOps to identify, exploit, and remediate security weaknesses as part of the development lifecycle. Instead of a traditional assessment-and-report approach, you’ll shift left, influencing design, architecture, and implementation with security in mind—helping us build secure-by-design products at sprint speed. You’ll help teams identify security issues early, log findings directly into our Jira system, and assist in building and maintaining threat model documentation that’s central to our SDLC process.
Key Responsibilities:
Participate in Agile ceremonies (standups, sprint planning, retros) to ensure security concerns are addressed early.
Perform ongoing penetration testing, code-assisted security reviews, and vulnerability analysis during development sprints.
Collaborate closely with developers to remediate security issues as they arise.
Develop and automate security test cases that integrate into CI/CD pipelines.
Analyze new features and user stories for security risks before they are implemented.
Assist development teams in creating and maintaining threat models as part of the SDLC.
Report vulnerabilities and findings directly in Jira, aligned with sprint workflows.
Promote a security-first culture through collaboration, mentoring, and knowledge sharing.
What We’re Looking For:
Hands-on experience in penetration testing, offensive security, or vulnerability research.
Strong understanding of application security (OWASP Top 10, CWE, etc.) and secure SDLC practices.
Experience working in Agile environments (Scrum, Kanban).
Familiarity with Jira or similar ticketing systems.
Experience helping teams build and evolve threat model documents.
Knowledge of DevSecOps principles and CI/CD integration (e.g., GitLab CI, Jenkins, CircleCI).
Proficiency in security testing tools and scripting (e.g., Burp Suite, Metasploit, Nmap).
Ability to read and understand common programming languages (e.g., JavaScript, Python, Java, C#).
Strong communication skills with the ability to translate security concepts for non-security stakeholders.
Certifications like OSCP, OSWE, or equivalent experience are a plus.