Perform penetration testing on web, mobile, API, and application infrastructure systems.
Analyze and review source code to identify security vulnerabilities and propose remediation solutions.
Interpret and process results from automated tools (SonarQube, Acunetix, SAST/DAST, etc.), eliminate false positives, and determine actual risks.
Develop a risk matrix to categorize and prioritize security issues for remediation.
Collaborate closely with the development team, communicate findings in developers' technical language, and provide specific guidance on how to fix vulnerabilities.
Prepare and present pen test reports to the development team and management.
Qualifications
12 years of experience in Penetration Testing or Application Security.
Solid knowledge of OWASP Top 10, SANS 25, web/mobile/app vulnerabilities, and exploitation techniques.
Ability to perform code reviews in at least one popular programming language (Java, C#, Python, JavaScript, etc.).
Proficiency in using and analyzing results from SAST/DAST tools (SonarQube, Acunetix, Burp Suite, ZAP, Checkmarx, etc.).
Experience in filtering false positives and creating clear risk matrices with proper prioritization for developers.
Strong presentation, reporting, and technical communication skills to explain solutions to developers.
Preferred:
Security certifications such as OSCP, OSWE, CEH, or equivalent.
Experience with CI/CD Security Integration is an advantage.
Benefits:
Enjoy all benefits under the company's compensation & benefits policy (premium health insurance, annual company trip, etc.).
Friendly and dynamic working environment with opportunities for career development.
Training, coaching, and continuous development provided by the company.
Additional benefits when joining MAS's dynamic and professional team.