Senior Security Engineer (Penetration Testing)
Description
About ELITEX:
ELITEX is a Software Development company, founded in 2015, with the core expertise & focus on JavaScript, DevOps and Staff Augmentation services.
Our company has devoted teams of professionals with strong technical expertise and mentoring background, providing a full cycle of software development.
At ELITEX every employee’s voice matters, processes are smooth and free of useless bureaucracy, and working conditions are great. Apply for a job and check it for yourself!
About the Project:
An international technology company specializing in the development of digital platforms and business solutions. The team brings together engineers, consultants, and designers from across the globe, helping clients drive digital transformation, optimize processes, and build scalable products. The company works with clients across industries such as finance, telecommunications, retail, and manufacturing.
About the Role:
A skilled Penetration Tester / Security Engineer to perform offensive security assessments across web applications, mobile applications, APIs, and related infrastructure. The role focuses on identifying real-world risks, validating exploitability, and delivering actionable remediation guidance to engineering teams.
Responsibilities:
You plan and execute authorized penetration tests for web applications, mobile applications (iOS/Android), APIs (REST, GraphQL), and backend services.
You perform threat modeling, attack surface analysis, and risk-based scoping to prioritize testing efforts.
You identify, safely exploit, and validate vulnerabilities using a mix of automated tools and manual techniques; produce proof-of-concept exploits where appropriate.
You maintain and expand a findings knowledge base, test cases, and remediation patterns.
You produce clear, technical reports including executive summaries, risk ratings, reproducible steps, PoCs, and prioritized remediation recommendations.
You collaborate with development, DevOps, and product teams to explain findings, validate fixes, and advise on secure design and secure coding practices.
You integrate repeatable security tests into development pipelines (SAST/DAST) where feasible.
You support security reviews, audits, compliance activities, and incident responses as needed.
You document and deliver internal training, workshops, and knowledge-sharing sessions to raise security awareness.
Requirements:
You have 5+ years of hands-on experience performing penetration tests and vulnerability assessments on web applications, mobile apps, and APIs.
You have a strong practical knowledge of OWASP Top 10, API security risks, and common exploitation techniques.
You have proficiency with penetration testing tools such as Burp Suite, ZAP, Nmap, Metasploit, sqlmap, and API fuzzers.
You have experience with mobile application testing: reverse engineering, instrumentation, insecure storage, and platform-specific weaknesses.
You have solid scripting and automation skills (Python, Bash, or similar) for custom tooling and automation.
You have familiarity with cloud security and container security basics.
You have a strong understanding of secure coding practices and the ability to translate findings into developer-friendly remediation steps.
You have excellent written and verbal communication skills for technical reporting.
You have an analytical mindset, attention to detail, and the ability to prioritize findings by business impact and business aspects.
You will demonstrate the ability to guide, support and collaborate with SOC analysts while fostering a team-oriented culture.
You will show potential to step into a people-led role by contributing to process design, mentoring junior team members and driving team accountability.
Nice to have:
You have relevant certifications.
You have 2+ years of experience developing REST/GraphQL APIs and web applications.
You have relevant experience in a similar position.
Company benefits:
Cozy office in the very center of the city;
Modern working place (iMac/MacBook or other preferred hardware);
Convenient type of work: office/remote/hybrid;
No time-tracking systems;
20 working days of paid vacation annually, which you can take according to your needs (even one by one or all together);
Paid sick-leaves;
Health insurance;
English classes;
Additional vacation days for special lifetime events;
Compensation for educational and training programs;
Team buildings and corporate events.