Job VC
Application Security Engineer & Penetration Tester
Description
This role combines Penetration Testing and Application Security. You won’t just generate reports from tools; you’ll manually verify real threats and help developers secure their code.
Your responsibilities will be closely tied to both pentesting and application security. To identify threats, you will apply various approaches and methodologies for timely detection, including both manual and automated testing using a range of tools. You will also be responsible for writing reports with detailed descriptions of threats and exploitation vectors.
You will also manage our AppSec tools (SAST/DAST/IAST/SCA) to keep the pipeline clean, and work directly with developers to fix real vulnerabilities, not just false positives.
Requirements:
2+ years in Pentesting and Application Security.
BA in Computer Information Systems, Management Information Systems, or a similar relevant field.
Ability to read and understand code (Python, Java, C#, or JS). You should be able to identify vulnerable patterns manually during code reviews.
You are comfortable with the standard arsenal: Burp Suite, Nmap, Metasploit, Nessus, etc.
You can explain vulnerabilities to a manager and a developer in a way that makes sense to both.
Hands-on experience with testing frameworks such as PTES and OWASP.
Hands-on experience with enterprise SAST, DAST, IAST, and SCA assessment tools.
Critical thinker and problem solver.
Collaborate with other teams to achieve continuous improvement in cyber defense.
Responsibilities:
Perform various types of penetration tests, including black box testing, to identify potential security risks.
Analyze and evaluate security vulnerabilities, identifying and classifying possible threats.
Run pentests on web apps, APIs, authentication, and internal infrastructure.
Create reports with a detailed description of threats and their impact.
Manage and tune SAST/DAST/SCA/IAST tools.
Implement best practices to improve system and application security.
Develop detailed security briefings and reports to document findings and recommend solutions.
Participate in design reviews and threat modeling to catch security flaws before a single line of code is written.
Work with the DevOps team to improve security and integrate security tools into CI/CD pipelines.
Will be a plus:
OSCP, eJPT, or similar practical certs.
Active on HackTheBox, TryHackMe, or bug bounty platforms.
Expert in popular security tools and programs such as Nmap, Burp Suite, Metasploit Framework, Wireshark, Kali Linux, Nessus, Hashcat, SQLmap, OWASP ZAP, OX Security.
Experience in network security architecture, infrastructure security, and application security.
Write scripts (Python, Bash) to automate routine checks or parse scan results.
Understanding of OWASP, NIST, ISO 27001, and PCI DSS standards.
We offer:
🌴 24 paid vacation days, 14 sick days, and 5 days off
⏰ Flexible start of the working day — from 9:00 to 11:00
🏥 Medical insurance
💰 Bonuses and performance-based rewards
🐶 Office in the center of Kyiv — pets are welcome, we are pet-friendly
💆 Lounge area in the office to recharge during the day
🎾 Padel tennis, football, and training at the polygon for those who enjoy active leisure
📚 Learning compensation, internal meetups and workshops, as well as access to the corporate LMS with courses