Penetration Tester, Retail Engineering

Role Overview: As a penetration tester, you will be responsible for conducting manual penetration testing against various targets such as web applications, APIs, cloud environments, infrastructure, mobile applications, and bespoke technologies. You are expected to communicate your findings effectively through high-quality reports and presentations. Moreover, you will provide security advice and collaborate with engineering teams and non-technical partners. Your role will also involve developing scripts and tools to enhance penetration testing activities and demonstrating proof of concepts. Additionally, you will be required to conduct source code reviews of large complex applications, become a subject matter expert in a specific security area, and contribute to shaping security requirements, technical documentation, and testing methodology. Teaching and sharing expertise with colleagues will also be a part of your responsibilities. Key Responsibilities: - Conduct manual penetration testing against web applications, APIs, cloud environments, infrastructure, mobile applications, and bespoke technologies - Communicate findings through high-quality reports and presentations - Provide security advice and partnership to engineering teams and non-technical partners - Develop scripts and tooling to support penetration testing activities or demonstrate proof of concepts - Perform source code review of large complex applications - Become a subject matter expert in a specific security area and contribute to shaping security requirements, technical documentation, and testing methodology - Teach and share expertise with others Qualifications Required: - In-depth knowledge of web application security, system, and infrastructure security - Expertise in a specialist security topic such as cloud security, mobile security, container security, etc. - Ability to read and understand source code (Java, JavaScript, Go, etc.) and identify vulnerabilities in sophisticated code bases - Ability to learn new skills, concepts, and technologies - Strong written and verbal communication skills with the ability to communicate vulnerabilities to various stakeholders - Strong understanding of fundamental computing, database, networking, and security concepts - OSCP or OSWE certification - Experience with CTFs or hacking labs - Proficiency in MacOS and other Unix-based systems - Ability to comprehend large sophisticated systems and context-switch when required - Programming/scripting skills (Python, JavaScript, Go, etc.) - Knowledge of cloud architecture and security - Publications, security research, bug bounties, or CVEs are highly regarded - Bachelor's in Computer Science or equivalent - Passion for information security, particularly in penetration testing Note: Submit CV to apply for the position.,