
Cloud Penetration Tester
Posted 4 days ago

• Conduct hands-on security evaluations.
• Assess application performance and behavior.
• Review and analyze source code.
• Identify practical exploitation scenarios.
• Validate security measures across contemporary architectures.
• Collaborate closely with clients and internal teams to provide high-quality technical assessments and actionable remediation strategies.
• Minimum of 4 years of experience in application security assessments, penetration testing, or offensive security initiatives.
• Comprehensive understanding of application security principles, modern attack methodologies, and prevalent vulnerabilities impacting web applications, APIs, mobile applications, and cloud-native environments.
• Practical experience in testing REST APIs, addressing authentication/authorization flaws, IDORs, injection vulnerabilities, session management concerns, and business logic errors.
• Proficient with AWS services and cloud security concepts, including IAM, STS, S3, Lambda, API Gateway, CloudTrail, CloudWatch, and secure communication patterns like SigV4.
• Strong grasp of networking and web fundamentals, such as HTTP/HTTPS, TCP/IP, DNS, API communication processes, cookies, headers, and related topics.
• Experience in reviewing source code for security vulnerabilities in Java, C#, and Python applications.
• Familiarity with secure coding practices and common risks like SSRF, insecure deserialization, injection vulnerabilities, sensitive data exposure, and insecure cloud integrations.
• Understanding of the Software Development Life Cycle (SDLC), CI/CD pipelines, and secure development methodologies.
• Experience utilizing security assessment and code review tools such as Burp Suite, Semgrep, Git, AWS CLI, and API testing/debugging tools.
• Comfortable operating in Linux, Windows, and macOS environments.
• Experience or a strong interest in AI/LLM security, encompassing prompt injection, RAG risks, insecure integrations, excessive permissions, and the OWASP Top 10 for LLM Applications.
• Excellent written and verbal communication skills, capable of delivering clear, actionable insights and articulating technical risks to both technical and executive audiences.
• Experience adhering to structured testing methodologies, documentation standards, and validation/retesting processes.
• Strong collaboration and interpersonal skills in working with security, engineering, and client teams.
• Ability to manage multiple simultaneous engagements while ensuring high-quality deliverables and meticulous attention to detail.
• Inquisitive, adaptable, and professional disposition with a commitment to continuous learning and keeping abreast of emerging security trends.
• Generous Time Off and Company-Wide Holidays.
• Team Events and Opportunities for International Travel.
• Support for Remote Work.
• Training Budget.
• Savings Fund.
• Food Coupons.
• Health and Wellbeing Programs.
Productive Playhouse
B2Spin Limited