Penetration Tester

Antons

Conduct penetration testing on web applications, APIs, networks, and cloud environments.

• Perform security assessments of CI/CD pipelines, including build, test, and deployment workflows.
• Identify vulnerabilities related to source code repositories, automation tools, container images, and secrets management.
• Test authentication, authorization, session management, and access controls.
• Assess API security, including token handling, rate limiting, and authorization flaws.
• Execute static (SAST), dynamic (DAST), and dependency security testing within CI/CD processes.
• Validate security of containerized environments (Docker, Kubernetes).
• Simulate real-world attack scenarios and document findings with clear remediation guidance.
• Collaborate with development and DevOps teams to implement secure-by-design practices.
• Support incident response investigations and post-incident analysis when required.

Required Skills & Experience

• 2+ years of experience in penetration testing, application security, or ethical hacking.
• Strong understanding of CI/CD pipelines and DevSecOps methodologies.
• Hands-on experience securing tools such as GitHub Actions, GitLab CI, Jenkins, Azure DevOps, or similar.
• Proficiency in web and API security testing (OWASP Top 10, OWASP API Top 10).
• Experience with authentication mechanisms (JWT, OAuth2, SSO).
• Knowledge of common vulnerabilities: SQLi, XSS, CSRF, SSRF, IDOR, RCE, misconfigurations.
• Familiarity with Linux environments, networking concepts, and cloud security fundamentals.

Tools & Technologies

• Penetration testing tools: Burp Suite, Metasploit, Nmap, OWASP ZAP, Nikto.
• CI/CD security tools: Snyk, Trivy, SonarQube, Dependabot, GitGuardian.
• Container and cloud security tools (experience preferred).
• Scripting knowledge in Python, Bash, or PowerShell is an advantage.