— At least 3 years of practical proven experience in penetration testing
— Ability to perform evaluation of Web application requirements, processes, technologies
— Experience in security testing of Web Services (SOAP, RESTful)
— Experience in different vulnerability scanners (OWASP ZAP, burp, MobSF, sonarqube etc.)
— Understanding of Web security testing process (e.g. OWASP Testing Framework, OWASP Serverless, OWASP API)
— Ability to resolve technical problems when required
— Ability to explain assessment results to technical and non-technical personnel
Nice to have:
— Certification in security field
— Understanding of and practical experience in security audit process, meeting fintech security compliance requirements (PCI DSS)
— Experience in different exploitation tools and frameworks (metasploit, beef, sqlmap etc)
— Previous experience as a software engineer or knowledge of software development methodologies is desired, but not mandatory
— Experience in security testing of network infrastructure
— Experience in development of security-related documentation
— Experience in AWS-services and AWS-serverless
— Work from anywhere in the world!
— Competitive salary.
— Compensation vacation (15 days off in a year).
— Global corporate events for all employees.
— Internet compensation (50$ per month).
— Relocation to Montenegro.
— Conduct vulnerability assessments and penetration testing
— Demonstrate considerable knowledge of planning and estimating specific to security assessment activities
— Collaborate with technical and management personnel across the full security assessment life cycle
— Utilize problem-solving skills, especially within troubleshooting complex issues while identifying options and/or alternatives
— Document all disclosed issues using different reporting formats (e.g. available for distribution to different concerned parties: business, technicians, clients)
— Provide remediation suggestions to correct disclosed issues
— Collaborate with personnel responsible for writing and presenting proposals to prospective clients
— Manage and contribute to planning, coordination and successful completion of security engagements