POSITION OVERVIEW
We are seeking a highly skilled and analytical Senior Security Penetration Tester to join our Cyber Security project in Georgia. This is not a checklist-based role; we are looking for a dedicated security professional who possesses an adversarial mindset. The successful candidate will go beyond automated scanning to perform deep-dive manual exploitation, identifying complex logic flaws and architectural weaknesses that automated tools often overlook.
KEY RESPONSIBILITIES
- Full-Spectrum Penetration Testing: Execute comprehensive security assessments across diverse environments, including Web Applications, Mobile Platforms (iOS/Android), Cloud Infrastructure (AWS/GCP), and internal corporate networks.
- Deep-Dive API & IAM Analysis: Perform rigorous testing on the backbone of our digital services, focusing on API security, authentication protocols, and Identity & Access Management (IAM) to prevent unauthorized privilege escalation.
- Vulnerability Chaining & Impact Analysis: Correlate disparate vulnerabilities to build comprehensive attack scenarios. Demonstrate the potential business impact of findings through clear, reproducible Proof of Concepts (PoC).
- Strategic Remediation & Reporting: Deliver high-quality technical reports for both technical and executive audiences. Provide actionable, risk-based remediation guidance to development teams to strengthen the organizational security posture.
- Security Research: Stay abreast of the latest threat actor TTPs (Tactics, Techniques, and Procedures) and integrate new exploitation methods into the testing lifecycle.
DESIRED QUALIFICATIONS (NICE-TO-HAVE)
- Specialized Domain Knowledge: Previous experience in Game Security (including client/server architecture and anti-cheat systems) is highly regarded.
- Professional Certifications: Holding industry-recognized certifications such as - OffSec: OSWE, OSCP, or OSEP and/or HTB/TCM: CWES, CWEE, PWPE, or PMPA.
- Specialized: CMSE (Cloud), ASCP (API), or GIAC (GMOB, GWAPT, GCPN).
- Industry Contributions: Active participation in Bug Bounty programs (HackerOne, Bugcrowd) or a history of discovered and documented CVEs.
