Application Security Engineer/Penetration Tester

Middle

3+ years in AppSec/Pentest (Web, API, Desktop), proficiency in security tools (Burp, SAST/DAST, RE), and expertise in leveraging AI/LLMs for automated auditing, combined with strong English reporting skills and the ability to work independently.

As part of the Security team, you will work closely with product and engineering teams to ensure the security of web and desktop applications.

You will take ownership of security assessments, contribute to secure development practices, and help drive security maturity across the organization.

Role and Responsibilities

  • Perform penetration testing and security assessments of:

    • Web applications and APIs

    • Desktop (thick client) applications

  • Identify vulnerabilities and clearly communicate risks and impact.

  • Produce high-quality security reports with:

    • clear reproduction steps

    • realistic impact assessment

    • practical remediation guidance

  • Work closely with developers and product teams to:

    • explain vulnerabilities

    • support remediation

    • validate fixes

  • Improve internal security processes, tools, and methodologies.

  • Participate in secure coding trainings and knowledge sharing.

Required Technical and Professional Expertise

  • 3+ years of hands-on experience in application security/penetration testing.

  • Strong practical experience in:

    • Web application security testing (OWASP WSTG, ASVS or equivalent)

    • API security (auth flows, business logic, abuse cases)

  • Understanding of desktop application security basics, including:

    • Local storage / ACLs / secrets handling

    • Reverse engineering basics (static/dynamic analysis)

    • Common issues (hardcoded secrets, insecure IPC, weak crypto usage)

  • Solid understanding of:

    • Common vulnerability classes and their root causes

    • Client-server interaction models

    • Network communication protocols

    • Modern web technologies

    • Authentication mechanisms

    • Secure Software Development Lifecycle

  • Foundational knowledge of AI security:

    • Understanding of the OWASP Top 10 for LLM Applications (e.g., Prompt Injection, Sensitive Data Disclosure, Insecure Output Handling)

    • Proficiency in using LLMs and AI-powered tools to accelerate vulnerability analysis, deobfuscate code, and automate the creation of custom security tools or exploit scripts

    • Prompt Engineering: Ability to craft and refine complex prompts for deep-dive code analysis (SAST) and generating context-aware test cases for business logic flaws

  • Hands-on experience with tools such as:

    • Burp Suite (advanced usage)

    • Proxies, fuzzers, scanners

    • SAST / DAST tools

    • Sysinternals Suite (ProcMon, SigCheck, etc.)

    • RE tools (Ghidra, jadx, dnSpy), at least at a basic level

    • AI Productivity Tools: AI-assisted coding environments (e.g., GitHub Copilot, Cursor, or Claude Code) to streamline security auditing and remediation workflows

  • Strong communication skills:

    • Ability to explain security issues to engineers

    • Clear and structured reporting in English

  • Ability to work independently and take ownership.

Nice to Have

  • Experience in bug bounty, public vulnerability disclosures or CTF competitions.

  • Development background (ability to read and understand production code).

  • Experience with Cloud environments, CI/CD and DevSecOps practices.

  • Experience in threat modeling and architecture reviews.

  • Familiarity with privacy and compliance frameworks (GDPR, ISO 27001, SOC2, etc.)

  • Relevant certifications like CEH, BSCP, eWPT, OSCP, etc.

What We Offer

  • Opportunity to work on large-scale, impactful projects

  • Clear career growth path within a team with 27+ years of experience

  • Professional, friendly, and supportive team environment

  • EST time zone schedule with paid overtime when applicable (up to 12 hours per shift)

  • Modern office in the Smart Village district

  • Flexible and transparent compensation review system

  • Overtime compensation options

  • Private medical insurance after completing the probation period

  • Payments in USD
