Junior Penetration Tester

Job Title:

Company Name:

Work Mode:

Employment Type:

Working Days:

CSAI EXPO is looking for a Junior Penetration Tester to support security assessments across web applications, APIs, networks, and cloud environments. This role is suited for candidates who have hands-on experience through bug bounty programs and are looking to apply that knowledge within a structured offensive security team.

Role Overview

The position involves assisting senior security engineers during penetration testing engagements, validating vulnerabilities, documenting findings, and contributing to improving the overall security posture of client systems.

Key Responsibilities

• Participate in planning and conducting penetration tests across web, network, cloud, and mobile environments using a mix of automated tools and manual testing.
• Perform reconnaissance, scanning, and enumeration to identify vulnerabilities, misconfigurations, and insecure patterns.
• Validate, reproduce, and triage issues discovered during assessments or received through bug bounty activities.
• Support retesting efforts after fixes and contribute to accurate, well-structured test reports.
• Document vulnerabilities with clear explanations of impact, proof of concept, and recommended remediation steps.
• Work with senior pentesters, developers, and infrastructure teams to clarify findings and support secure design.
• Stay updated on emerging vulnerabilities, techniques, and tools, especially in the bug bounty and web application security space.

Requirements

• Documented bug bounty experience on public or private platforms, with valid reports, acknowledgments, or write-ups.
• Good understanding of core web security concepts such as authentication flaws, access control issues, injection attacks, and client-side vulnerabilities.
• Familiarity with commonly used tools such as Burp Suite, Nmap, browser dev tools, and basic scripting (Python, Bash, or JavaScript).
• Basic knowledge of networking fundamentals, HTTP, Linux/Windows environments, and hands-on lab experience.
• Ability to create clear, structured reports explaining findings, impact, and remediation in simple terms.
• Genuine interest in cybersecurity, continuous learning, and involvement in CTFs, labs, or personal security projects.