Role & responsibilities

Execute application VAPTs (web, API, mobile, desktop, infrastructureadjacent and cloud components) using manual techniques and supporting tools

Execute network penetration tests following standardized test cases and methodologies

Perform cloud security assessments, including:

Review and testing of cloud environments

Identification of cloud misconfigurations, excessive permissions, insecure identities, exposed services, and weak security controls

Perform security assessments of applications and platforms that incorporate AI, machine learning, or LLM-based components

Perform reconnaissance, vulnerability identification, exploitation, and validation using attackerbased techniques

Select appropriate test depth based on scope, asset criticality, and findings discovered during testing

Reporting & Documentation

Produce clear, structured, Englishlanguage penetration test reports, including AIrelated findings where applicable, with:

Reproducible evidence (screenshots, request/response samples, payloads, logs, scripts)

Accurate risk ratings aligned with CVSS and internal rating models

Actionable remediation guidance tailored to development, infrastructure, or AI engineering teams

Document findings in centralized tooling (e.g., vulnerability or risk tracking systems) and support remediation tracking

Collaboration & Process Adherence

Work closely with:

IT Product Managers and application owners

Infrastructure, network, and platform teams

Security architecture and IT Security officer stakeholders

Support test scoping activities, including identifying AI or LLM components that fall within testing scope

Strictly follow internal penetration testing processes, reporting standards, and quality expectations

Continuous Improvement

Stay current with:

Emerging application, network, and AIspecific attack techniques

Using AI to increase productivity

Contribute to the evolution of internal testing approaches as AIenabled systems become more common

Preferred candidate profile

• Strong understanding of:
• OWASP based vulnerabilities, including Web Application, API and LLM
• Common attack chains from reconnaissance through exploitation
• Authentication, authorization, session handling, and access control weaknesses
• Cloud Security fundamentals, including identity, networking and security controls
• Solid knowledge of:
• Linux and Windows systems
• Networking fundamentals (TCP/IP, DNS, routing, firewalls, AD concepts)
• AI System Architectures
• Burp Suite / ZAP

Experience using common security testing tools such as:

• Network scanners and enumeration tools

Ability to write or adapt scripts for testing or exploitation (e.g., Python, Bash, PowerShell)

Reporting & Communication

• Very good written and spoken English (mandatory)
• Ability to clearly explain security findings to technical and nontechnical stakeholders

Nice to have:

• At least one relevant security certification is highly preferred, such as:
• OSCP
• GWAPT / GPEN
• Comparable handson penetration testing certifications