Penetration Tester

Full-time
Remote
We bring together the industry’s brightest minds.
Competitive salary with bonus and benefits
Flexible Hours
High Growth Potential


About the company

Bright is a rapidly growing, top-tier venture-funded company, focusing on developer-centric application security for the enterprise. We enable organizations to fix security issues before they reach production by integrating security early in the software development process, reducing reliance on manual testing, and running scans frequently.

Position

We are looking for a highly passionate, professional, hands-on software Penetration Tester and team player.
You’ll have a unique opportunity to work with cutting-edge technologies and build applications that allow the world’s biggest enterprises to test their applications.

About the product

The company is developing a SaaS product that empowers Application Security & Development teams to find and fix vulnerabilities iteratively at every step in the SDLC, without slowing them down.

Sphere of operation: Application Security Testing

Key Responsibilities:

  • Perform comprehensive penetration tests on client applications to identify vulnerabilities, weaknesses, and potential threats.
  • Analyze Bright’s DAST solution reports as part of the POC process, dive into false-positive or missed findings and file root-cause reports.
  • Create detailed and clear reports outlining the results of penetration tests.
  • Utilize a variety of testing methods and tools to evaluate the security of web and mobile applications.
  • Collaborate with internal and external clients to understand the specific security concerns and objectives.
  • Stay up-to-date with the latest security threats, vulnerabilities, and industry trends.
  • Continuously expand your knowledge and skills in penetration testing and security assessment techniques.
  • Provide ongoing support to ensure the successful mitigation of identified vulnerabilities.
  • Manage internal bug bounty programs.

Hard Skills:

  • Knowledge of multiple security tools (e.g., Burp Suite, Metasploit, ZAP, Amass).
  • Knowledge of scripting / code development in Python / Ruby.
  • Knowledge of diagram design and UML diagrams (draw.io, etc.).
  • Mobile application penetration testing and iPhone/Android package testing (deb, apk).

Soft Skills:

  • Excellent ability to communicate in English (Speaking / Writing)
  • Team player with the ability to work autonomously in a fast-paced, dynamic environment and enjoy collaborating on cross-functional teams.
  • Organized
  • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.

Qualifications:

  • At least 3 years of experience in pentesting and reporting on identified vulnerabilities.
  • Thorough knowledge of information security components, principles, practices, and procedures.
  • Experience running multiple security tools (e.g., Burp Suite, Metasploit, ZAP, Amass).
  • Ability to analyze results and debug security findings, triaging false positives / true positives.
  • Bachelor’s degree in Computer Science, Information Security, or a related field (preferred).
  • Proven experience in penetration testing, ideally in a client-facing role.
  • Strong knowledge of web and mobile application security vulnerabilities and exploitation techniques.

Bonus Skills:

  • Industry certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or Offensive Security Certified Professional (OSCP) are a plus.
  • Excellent communication and presentation skills.
  • Ability to collaborate effectively with clients to understand their needs and translate technical findings into actionable recommendations.

Benefits

  • Competitive salary
  • Remote work
  • Paid vacation (18 days a year), state holidays and sick leave
  • World-class security experts changing the world of application and API security. Do it with us.
  • A diverse and inclusive workplace. Bright is an equal-opportunity employer and our team is composed of individuals from many diverse backgrounds, lifestyles, and locations.