Senior Penetration Tester
What You’ll Do
You’ll be on the front lines of our security efforts, thinking like an attacker to help us stay one step ahead. As a Senior Offensive Security Engineer, you’ll break things (responsibly), uncover weaknesses, and help us build stronger, more resilient systems.
This is a hands-on role where you’ll move fast, experiment, and have real impact. You’ll work closely with engineers, product teams, and security to turn findings into fixes — not just reports.
Day to day, you’ll:
- Hack our own systems to find and fix vulnerabilities before others do
- Run white-box and black-box pentests across apps, infrastructure, and APIs
- Triage bug bounty reports and dig into external findings
- Go beyond surface issues with root cause and variant analysis
- Tear apart third-party tools and integrations to understand their risk
- Build scrappy (and scalable) tools for recon, automation, and insights
- Partner with engineers and the SOC to solve real security problems
- Share knowledge through demos, workshops, and hands-on sessions
- Help us decide where to focus to get the biggest security wins
- Shape and evolve our security programme as we grow
Who You Are
You’re curious, pragmatic, and love breaking things to make them better. You don’t just find problems — you help fix them.
- Have solid experience in penetration testing and offensive security
- Can spot vulnerabilities in code (especially Java and Node.js)
- Understand modern architectures — AWS, microservices, APIs
- Communicate clearly and give practical, actionable remediation advice
- Are comfortable scripting and contributing to larger projects in Python
- Take ownership and don’t wait to be told what to do
Nice to have:
- Certs like OSCP, OSWE, CREST, GIAC, AWS (or equivalent experience)
- CTFs, bug bounty hunting, or involvement in the security community