May 3, 2026

Penetration Tester

Mid • Remote

12,000 - 15,000 PLN

Wroclaw, Poland

Project overview

A security-focused initiative aimed at performing vulnerability assessments and penetration tests for a variety of digital systems. The project supports continuous improvement of security practices and contributes to the development of internal tools and methodologies. The work includes research activities, process enhancement, and collaboration with technical teams to strengthen the overall security posture.

Team

You will join a security-oriented team that consists of penetration testers, security analysts, and engineers. The team collaborates closely, shares knowledge, and supports research and internal tool development.

Position overview

We are looking for a Mid-level Penetration Tester who will be involved in network and application-level security assessments. You will use automated tools and manual techniques to identify and verify security vulnerabilities. This role includes preparing assessment reports, interacting with clients to clarify scope and gather information, and contributing to the improvement of security processes and tools.

Technology stack

Burp Suite, Nessus, Metasploit, Nmap, sqlmap, Linux, Windows, Active Directory, JavaScript, .NET, SQL, scripting languages

Responsibilities

  • Conduct network and application-level security assessments

  • Use automated tools and manual techniques to identify and validate vulnerabilities

  • Prepare clear and comprehensive assessment reports with root cause details and remediation steps

  • Communicate with clients to gather information, clarify scope, and discuss security controls

  • Support internal security competence development through research, tool creation, and process improvement

  • Collaborate with other team members across security and engineering domains

Requirements

  • One year of experience performing vulnerability assessments and penetration tests

  • Three years of experience in the IT industry with familiarity across technologies such as Linux, Windows, Active Directory, JavaScript, .NET, SQL

  • Experience applying structured methodology for vulnerability assessments and penetration tests

  • Understanding of web application vulnerabilities

  • Ability to describe and report vulnerabilities along with typical remediation activities

  • Experience with open source and commercial security tools, including Burp Suite, Nessus, Metasploit, Nmap, and sqlmap

  • Knowledge of programming or scripting for creating auxiliary security tools

  • Ability to work effectively with customers and self-manage in challenging situations

Nice to have

  • Security certifications, including OSCP, CRTO, CPTS, eWPT, BSCP

  • Strong programming experience in a modern language

  • Experience with mobile application penetration testing

  • Experience with reverse engineering and binary analysis

  • Experience publishing technical content or speaking at industry events

  • Familiarity with security standards, including PCI DSS and ISO 27000

 

Similar jobs you might like

Technology

emagine Polska

Penetration Tester (m/w/d)

Senior

Remote

Berlin, BE, Germany

🏢 Summary: Experienced Penetration Tester responsible for planning, executing, and reporting comprehensive penetration tests across network, web, wireless, Active Directory, and physical environments for a public sector IT project. The role includes identifying vulnerabilities, performing realistic attack simulations, assessing compliance, and deriving concrete security improvements. Engagement is long-term and primarily remote within Germany.

🗂️ Requirements: Degree in Computer Science or completed technical IT training, Minimum 3 years experience in IT security, At least 2 years hands-on penetration testing or red team, Experience in minimum 2 large-scale projects over 250 users, Proven experience in web app pentests, network pentests or cloud pentests, Ability to develop own exploits or PoCs, Knowledge of compliance standards DSGVO, BSI, NIS, Fluent German language skills

📃 Skills: PenetrationTesting, RedTeam, NetworkSecurity, WLAN, WebSecurity, ActiveDirectory, Python, PowerShell, BurpSuite, Nmap, Metasploit, CobaltStrike, Nessus, OpenVAS, sqlmap, OSCP, GPEN, CEH, eJPT, CREST, CISSP, CISM, Jira, Confluence, SharePoint

🏢 Description: The project is looking for an experienced Penetration Tester (m/f/d) who plans, prepares, carries out and follows up on comprehensive penetration tests. The role covers both technical security analyses and the derivation of concrete measures to increase IT security. The assignment takes place in the environment of a large public-sector IT service provider.

Your tasks:

  • Preparation, execution and follow-up of agreed penetration tests, including: Network Penetration Testing, WLAN Penetration Testing, Web Application Penetration Testing, Active Directory Penetration Testing, Physical Penetration Testing
  • Identification of known and unknown vulnerabilities in IT systems and applications
  • Analysis of the security posture of the IT infrastructure and review of compliance requirements (e.g. GDPR (DSGVO), BSI-Grundschutz, NIS Directive)
  • Carrying out realistic attack simulations for risk assessment
  • Deriving measures to improve IT security and presenting the results
  • Ensuring that all activities are transparent, traceable and legally compliant

Your profile:

  • Completed computer science degree or a recognized technical vocational qualification (e.g. Fachinformatiker)
  • At least 3 years of practical experience in IT security, of which at least 2 years in penetration tests or red team exercises
  • Participation in at least 2 larger projects (company / public authority with >250 employees), e.g. web app pentests, network pentests, cloud pentests
  • Good written and spoken German

Award criteria:

  • Extensive experience in pen tests / red team
  • Several reference projects
  • Certifications such as OSCP, GPEN, CEH, eJPT, CREST, CISSP/CISM
  • Experience with tools such as Burp Suite, Nmap, Metasploit, Cobalt Strike, Nessus/OpenVAS, sqlmap, etc.
  • Able to develop own exploits / PoCs (Python, PowerShell)
  • Experience with Jira, Confluence, SharePoint

Other details:

  • Period: framework agreement until 2030
  • Place of work: remote/Germany

If you are interested, I look forward to receiving your application documents, availability and hourly rates at tamara.petrovic.turkovic@emagine.de

Technology

emagine Polska

Penetration Tester (m/w/d)

Senior

Remote

Berlin, Germany

🏢 Summary: Experienced Penetration Tester responsible for planning, executing, and reporting comprehensive penetration tests across network, web, wireless, Active Directory, and physical environments. The role includes realistic attack simulations, compliance assessments, and deriving concrete security improvement measures within a large public IT environment. Engagement is long-term and primarily remote within Germany.

🗂️ Requirements: Completed degree in Computer Science or recognized technical IT training, Minimum 3 years experience in IT security, At least 2 years hands-on experience in penetration testing or red teaming, Experience in at least 2 large-scale projects (>250 users), Proven experience in web, network or cloud penetration testing, Ability to conduct independent security assessments and exploit development, Good German language skills (written and spoken)

📃 Skills: PenetrationTesting, RedTeaming, NetworkSecurity, WebSecurity, WLAN, ActiveDirectory, CloudSecurity, BurpSuite, Nmap, Metasploit, CobaltStrike, Nessus, OpenVAS, sqlmap, Python, PowerShell, Jira, Confluence, SharePoint, OSCP, GPEN, CEH, eJPT, CREST, CISSP, CISM

🏢 Description: The project is looking for an experienced Penetration Tester (m/f/d) who plans, prepares, carries out and follows up on comprehensive penetration tests. The role covers both technical security analyses and the derivation of concrete measures to increase IT security. The assignment takes place in the environment of a large public-sector IT service provider.

Your tasks:

  • Preparation, execution and follow-up of agreed penetration tests, including: Network Penetration Testing, WLAN Penetration Testing, Web Application Penetration Testing, Active Directory Penetration Testing, Physical Penetration Testing
  • Identification of known and unknown vulnerabilities in IT systems and applications
  • Analysis of the security posture of the IT infrastructure and review of compliance requirements (e.g. GDPR (DSGVO), BSI-Grundschutz, NIS Directive)
  • Carrying out realistic attack simulations for risk assessment
  • Deriving measures to improve IT security and presenting the results
  • Ensuring that all activities are transparent, traceable and legally compliant

Your profile:

  • Completed computer science degree or a recognized technical vocational qualification (e.g. Fachinformatiker)
  • At least 3 years of practical experience in IT security, of which at least 2 years in penetration tests or red team exercises
  • Participation in at least 2 larger projects (company / public authority with >250 employees), e.g. web app pentests, network pentests, cloud pentests
  • Good written and spoken German

Award criteria:

  • Extensive experience in pen tests / red team
  • Several reference projects
  • Certifications such as OSCP, GPEN, CEH, eJPT, CREST, CISSP/CISM
  • Experience with tools such as Burp Suite, Nmap, Metasploit, Cobalt Strike, Nessus/OpenVAS, sqlmap, etc.
  • Able to develop own exploits / PoCs (Python, PowerShell)
  • Experience with Jira, Confluence, SharePoint

Other details:

  • Period: framework agreement until 2030
  • Place of work: remote/Germany

If you are interested, I look forward to receiving your application documents, availability and hourly rates at tamara.petrovic.turkovic@emagine.de

Technology

emagine Polska

Pentester

Senior

Remote

Warsaw, Poland

🏢 Summary: The offer is for an experienced Penetration Tester to conduct comprehensive security assessments across web, mobile, cloud, infrastructure, and API environments. The role focuses on identifying vulnerabilities, validating security controls, and ensuring compliance with DORA and PCI-DSS through primarily manual testing. The candidate will deliver structured, actionable reports based on recognized security standards and methodologies.

🗂️ Requirements: Minimum 5 years of penetration testing experience, Proven delivery of enterprise-level pentests, Experience with web, mobile, cloud, API, and infrastructure testing, Strong manual exploitation skills, Knowledge of OWASP Top 10, PTES, OSSTMM, Ability to perform grey-box testing, Experience with AWS, Azure, or GCP environments, Ability to produce detailed technical reports, Relevant security certifications (OSCP, OSCE, OSWE, GPEN, GWAPT, CISSP)

📃 Skills: Pentesting, OWASP, PTES, OSSTMM, DORA, PCI-DSS, AWS, Azure, GCP, Android, iOS, React, REST, Swagger, API, ActiveDirectory, Firewalls, VPN, CIS, OSCP, OSCE, OSWE, GPEN, GWAPT, CISSP

🏢 Description:

Role Objective

The primary objectives of the role are to:

  • Identify security vulnerabilities in external and internal infrastructure/applications.
  • Validate the effectiveness of existing security controls.
  • Ensure compliance with DORA and PCI-DSS regulations.
  • Provide actionable remediation guidance.

Scope of Work

The Penetration Tester will be responsible for conducting comprehensive penetration tests across the following areas:

| Asset Type | Environment | Notes |
| Web applications | Staging/Prod | Main customer portal, admin panels, complex business-oriented apps |
| Mobile applications | Staging/Prod | Android/iOS native apps, React Native |
| Cloud environment | Production | AWS/Azure/GCP, CIS benchmark |
| Thick client apps | Production | Desktop agents, use of API |
| External infra | Production | Firewalls, VPN gateways |
| Internal infra | Production | AD environment, database servers |
| APIs and microservices | Staging/Prod | REST API provided with Swagger |

Testing Methodology

  • Manual vs Automated: Emphasis on manual exploitation. Automated scanning should not exceed 20% of effort.
  • Standards: Testing must adhere to OWASP Top 10 for web/mobile apps, PTES, or OSSTMM.
  • Credentials: For grey-box testing, accounts will be provided (e.g., admin, user, viewer) for privilege escalation testing.

Key Requirements

  • Proven experience in delivering high-quality pentest services to enterprise clients (at least 5 years of experience delivering pentests) and client references.
  • Team members with relevant certifications (e.g., OSCP, OSCE, OSWE, GPEN, GWAPT, CISSP).
  • High communication quality: clear verbal communication and reporting.
  • Ability to deliver detailed, structured, and actionable reports.
  • Use of industry-standard tools and methodologies.

Technology

BLUE energy Sp. z o.o.

Web Application Penetration Tester

Mid

Hybrid

Poznan, Poland

10,000 - 14,000 PLN

🏢 Summary: Offer for a Web Application Penetration Tester responsible for conducting manual and automated security testing of web applications for external clients. The role focuses on identifying and exploiting vulnerabilities, preparing detailed security reports, and advising on remediation. It involves working with recognized security tools and methodologies to ensure high application security standards.

🗂️ Requirements: Experience in web application penetration testing, Knowledge of web security vulnerabilities (XSS, SQL Injection, CSRF, RCE), Ability to use penetration testing tools (Burp Suite, OWASP ZAP, Nmap, Metasploit), Ability to analyze application code for security flaws, Understanding of web application architecture, Knowledge of OWASP and PTES methodologies, Ability to prepare technical security reports, Relevant security certifications (e.g. CEH, OSCP, CISSP, GWAPT)

📃 Skills: BurpSuite, OWASPZAP, Nmap, Metasploit, XSS, SQLInjection, CSRF, RCE, JavaScript, PHP, Python, OWASP, PTES, CEH, OSCP, CISSP, GWAPT

🏢 Description: As a consulting company specializing in IT security, we are looking for a Web Application Penetration Tester to join our team. The person in this position will be responsible for carrying out penetration tests of web applications as part of projects for our external clients. You will work on identifying security vulnerabilities in applications, supporting our clients in ensuring the highest level of security for their systems.

Responsibilities:

  • Carrying out penetration tests of web applications for various clients, including identifying and exploiting security vulnerabilities
  • Auditing applications for threats such as XSS, SQL Injection, CSRF, RCE and other typical attack vectors
  • Performing manual and automated tests using tools such as Burp Suite, OWASP ZAP, Metasploit, etc.
  • Preparing detailed reports on the tests performed, including recommendations for improving security
  • Cooperating with clients' development teams and advising on the implementation of security fixes
  • Taking part in risk analyses and developing recommendations for clients on web application security

Requirements:

  • Experience in performing penetration tests of web applications, including knowledge of the tools and methods used in this field (Burp Suite, OWASP ZAP, Nmap, Metasploit, etc.)
  • Excellent knowledge of threats to web application security (XSS, SQL Injection, CSRF, RCE, etc.)
  • Ability to analyze application code and identify potential security vulnerabilities
  • Good understanding of web application architecture and the technologies used in applications (JavaScript, PHP, Python, etc.)
  • Skills in reporting and presenting test results in a way that non-technical people (e.g. project managers, clients) can understand
  • Security certifications (e.g. CEH, OSCP, CISSP, GWAPT) will be an additional asset
  • Practical knowledge of testing methodologies and security standards (e.g. OWASP, PTES)
  • Ability to work in a team, communication skills and the ability to work with clients

We offer:

  • Work on interesting web application security projects for clients from various industries
  • Attractive salary and a benefits package (including Multisport, insurance and a medical package)
  • Opportunities for professional development and certification in IT security
  • Cooperation with a team of experts and support in meeting technical challenges
  • Flexible working hours and the option of remote or hybrid work

If you are passionate about web application security and want to join our team, we invite you to apply!

Technology

Antal Sp. z o.o.

HSBCJP00057046 (Cybersecurity) Penetration Testing Lead

Senior

Hybrid

Krakow, Poland

180 - 220 PLN/hr

🏢 Summary: Leadership role combining hands-on penetration testing with team management, responsible for delivering complex security assessments across applications, infrastructure, and mobile platforms. The position owns the full testing lifecycle, defines methodologies, and ensures high-quality reporting and remediation guidance. It involves close collaboration with global stakeholders to strengthen overall security posture.

🗂️ Requirements: Minimum 5 years of hands-on penetration testing experience, Experience leading or mentoring penetration testing teams, Expertise in at least two areas: web applications, infrastructure, mobile security, Strong knowledge of common vulnerabilities and attack techniques, Strong understanding of TCP/IP and network security, Strong understanding of application security principles, Experience with manual and automated testing, Ability to communicate technical findings to non-technical stakeholders, Experience with scripting or programming

📃 Skills: PenetrationTesting, WebSecurity, InfrastructureSecurity, MobileSecurity, TCP/IP, NetworkSecurity, ApplicationSecurity, Scripting, OWASP, SAST, DAST, IAST, OAuth2, JWT, iOS, Android, Java, Kotlin, Swift, Objective-C, Microservices, APIs, Cloud

🏢 Description: Penetration Testing Team Lead

📍 Location: Kraków (preferable) / Warszawa (6 days per month)
Area: Cybersecurity – Research & Offensive Security
Level: Senior / Leadership
Model: B2B
Rate: 180-220 PLN net

About the role

We are looking for a Penetration Testing Team Lead to join a global cybersecurity organization and lead a team responsible for identifying and exploiting vulnerabilities across applications, infrastructure, and mobile platforms. This role combines hands-on penetration testing expertise with team leadership and delivery ownership. You will lead complex security assessments, shape testing methodologies, and work closely with stakeholders to strengthen the overall security posture in a rapidly evolving threat landscape.

Key responsibilities

  • Lead and manage a team of penetration testers delivering security assessments across multiple domains
  • Oversee end-to-end penetration testing lifecycle: scoping, planning, execution, and reporting
  • Ensure high-quality, actionable deliverables, including clear risk articulation and remediation guidance
  • Act as the main escalation point for complex technical challenges and stakeholder concerns
  • Collaborate with global penetration testing leads to align methodologies and standards, share knowledge and insights, and ensure consistency across regions
  • Contribute to the development and continuous improvement of testing frameworks, tools, and best practices
  • Build and maintain internal knowledge base (findings, trends, lessons learned)
  • Support vulnerability management lifecycle (tracking, remediation, risk acceptance)
  • Participate in incident response and security investigations when needed
  • Evaluate new tools, techniques, and emerging attack vectors

Leadership & collaboration

  • Mentor, coach, and develop team members (technical and career growth)
  • Foster a collaborative, knowledge-sharing culture within the team
  • Work closely with stakeholders across technology, security, and business teams
  • Translate technical findings into business-relevant insights
  • Support cross-regional collaboration and alignment

Requirements

  • Minimum 5 years of hands-on experience in penetration testing
  • Proven experience leading or mentoring penetration testing teams
  • Strong expertise in at least two domains: web applications, infrastructure, mobile security
  • Solid understanding of: common vulnerabilities and attack techniques, TCP/IP and network security, application security principles
  • Strong experience with manual and automated testing techniques
  • Ability to clearly communicate complex technical findings to non-technical stakeholders
  • Strong analytical thinking and problem-solving skills
  • Experience with scripting/programming

Nice to have

  • Experience with mobile security (iOS, Android) and related risks
  • Knowledge of OWASP standards (e.g., MASVS, MSTG)
  • Experience with SAST, DAST, IAST tools
  • Understanding of modern architectures (microservices, APIs, cloud environments)
  • Experience with code reviews (Java, Kotlin, Swift, Objective-C)
  • Knowledge of authentication and security mechanisms (OAuth2, JWT, biometrics, SSL pinning)
  • Background in software development or secure SDLC
  • Experience in financial services or other regulated environments

What we offer

  • Opportunity to lead and shape a high-performing penetration testing team
  • Work in a global, collaborative cybersecurity environment
  • Exposure to complex and large-scale security challenges
  • Real impact on improving security posture across the organization
  • Competitive compensation and benefits (Luxmed and Multisport)

Why apply for an Antal job offer?

When your application is successful, you will be supported by a dedicated Consultant who will stay in regular contact with you (via email or phone), help you prepare for interviews with your future employer, and ensure a smooth and professional recruitment process.

About Antal

Antal is a leading recruitment and HR advisory company, present in Poland since 1996 and later expanded to the Czech Republic and Hungary. Across the CEE region, we employ around 150 professionals who deliver a full range of services – from specialist and executive recruitment, employee outsourcing and HR consulting, to employer branding and market research. Our division-based structure combines deep industry expertise with functional specialisation, enabling us to provide tailored solutions for companies in every sector. We act as a trusted partner for both employers and candidates, sharing our knowledge and guiding them through every stage of the talent journey. We connect exceptional people with the right opportunities and help organisations build successful teams.

Technology

Orange Polska

Senior Pentester

Senior

Hybrid

Warsaw, Poland

🏢 Summary: Senior Pentester role in an international Zero Trust Security project, responsible for end-to-end penetration testing, technical audits, and Red/Purple Team activities. The position involves exploiting complex vulnerabilities across network, cloud, and application environments, reporting risk with business impact, and mentoring junior testers. The role also includes tooling development, framework alignment, and close collaboration with stakeholders.

🗂️ Requirements: 5+ years of hands-on penetration testing experience, 2+ years of project leadership and mentoring experience, Strong knowledge of TCP/IP, DNS, routing, Strong knowledge of Linux, Strong knowledge of HTTP, TLS, REST, GraphQL, Understanding of Kerberos, NTLM, OAuth2, OIDC, SAML, JWT, Experience with AD and Entra ID, Advanced exploitation skills including privilege escalation and lateral movement, Experience in cloud and container security including IAM and Kubernetes, Proficiency with Burp Suite Pro, Nmap, Wireshark, Metasploit, Experience with C2 frameworks, Programming or scripting in Python, Programming or scripting in PowerShell or Bash or Go, Experience with Git, Knowledge of PTES, OWASP Testing Guide, NIST SP 800-115, Ability to map findings to MITRE ATT&CK, Fluent Polish and English (minimum B2)

📃 Skills: TCP/IP, DNS, Linux, HTTP, TLS, REST, GraphQL, Kerberos, NTLM, OAuth2, OIDC, SAML, JWT, ActiveDirectory, EntraID, IAM, Kubernetes, CI/CD, BurpSuite, Nmap, Wireshark, Metasploit, CobaltStrike, Sliver, Python, PowerShell, Bash, Go, Git, PTES, OWASP, NIST, MITRE, CVSS

🏢 Description: As a Senior Pentester you will join our growing Cybersecurity team as a key member of an international project (French client), working in a Zero Trust Security model. We are counting not only on your technical knowledge but also on your ability to work with others, with particular emphasis on sharing knowledge and mentoring junior team members. Cooperation is based on an employment contract and a remote (only from within Poland) or hybrid (any Orange Polska office) working model.

Senior Pentester

  • Planning and running tests from start to finish: scope, Statement of Work, rules of engagement, checking legality and risk
  • Performing technical audits (including PenTesting and configuration audits) across various scopes and levels of complexity
  • Identifying and chaining weaknesses to show real impact, always safely and within scope
  • Running workshops to develop the Red Team philosophy and supporting the promotion of Purple Team, taking Blue Team maturity into account
  • Writing clear reports with evidence, risk ratings (e.g. CVSS), business impact and practical solutions; presenting results to both technical and non-technical audiences
  • Agreeing priorities with owners, advising on fixes and compensating controls, planning and performing retests
  • Improving methods and tools: updating playbooks, writing scripts/PoCs, maintaining lab environments, sharing research
  • Teaching and supporting junior testers: 1:1 meetings, pair testing, workshops, internal training; reviewing their work; supporting recruitment and onboarding
  • Sharing knowledge with the team and the community: tech talks, articles, lessons learned; publishing blogs or presentations; taking part in open source
  • Working with stakeholders: running briefings and workshops, translating technical risks into business language
  • Supporting presales activities: preparing scopes, estimating effort, writing SoWs, taking part in client meetings
  • Adhering to ethics and standards (PTES, OWASP, NIST, ISO, PCI DSS) and protecting confidential data

Required:

  • More than 5 years of practical experience in penetration testing across various areas; experience in leading projects and mentoring (2+ years)
  • Good knowledge of networking (TCP/IP, DNS, routing), Linux and web technologies (HTTP(S), TLS, REST/GraphQL)
  • Good understanding of identity and authentication: Kerberos/NTLM, OAuth2/OIDC, SAML, JWT; AD/Entra ID and popular IdPs (e.g. Okta/Azure AD)
  • Advanced exploitation skills: verifying findings, creating simple PoCs, chaining issues, privilege escalation, lateral movement, OPSEC
  • Solid experience in cloud and container security: IAM, segmentation, serverless, secrets, supply chain, Kubernetes (RBAC/admission), CI/CD attack paths
  • Knowledge of tools: Burp Suite Pro, Nmap, Wireshark, Metasploit, cloud CLIs, C2 frameworks (e.g. Cobalt Strike, Sliver)
  • Scripting/programming skills: Python and at least one of PowerShell/Bash/Go; Git; automation and building your own tools
  • Ability to adapt methods and frameworks: PTES, OWASP Testing Guide, NIST SP 800-115; mapping to MITRE ATT&CK; basic threat modeling
  • Clear communication: concise writing, effective presentations, prioritizing risks in a business context
  • Fluent Polish and English (minimum B2)

Nice to have:

  • Certifications: CEH, CISSP, OSCP, GPEN/GXPN/GMOB, CRTO, CCSK/CCSP
  • Deeper experience in Red Teaming, detection engineering and telemetry tuning
  • Reverse engineering and exploit development (e.g. Ghidra/IDA) or fuzzing
  • Advanced mobile testing (e.g. Frida/Objection, instrumentation)
  • Participation in open source, research/CVEs, conferences, strong bug bounty achievements
  • Experience with compliance and risk frameworks (PCI DSS, ISO 27001/SOC 2, NIST CSF) and metrics (KPIs/OKRs)
  • Knowledge of French

Benefits:

  • Stable employment based on an employment contract
  • Work in a hybrid model (2 days in the office / 3 days from home)
  • Pension scheme: after 6 months of work, Orange will add 7% of your gross salary to your pension account every month
  • Private medical care at PZU Zdrowie
  • Interest-free loans for housing, health and other purposes
  • Holiday subsidy
  • FitProfit sports card
  • Team events and trips co-financed from the social fund
  • Option to join group insurance on preferential terms
  • Smartphone with unlimited Internet, also for private use
  • Preferential offer on Orange services
  • Varied development opportunities tailored to your needs: training, access to educational platforms (including a foreign-language learning platform), an internal internship programme and inspiring educational events
  • "Zdrowie na TAK": a programme for people with disabilities
  • "Jestem w grze": support for parents returning to work after parental leave
  • Wellbeing programmes
  • Volunteering in cooperation with Fundacja Orange

Technology

Samsung R&D Institute Poland

Python Developer

Mid

Hybrid

Warsaw, Poland

🏢 Summary: The offer is for a Python Developer focused on building AI-driven tools for automated web vulnerability detection and large-scale security assessments. The role involves developing and deploying advanced solutions leveraging LLMs and machine learning to enhance internal penetration testing processes.

🗂️ Requirements: 3+ years of experience in Python, Experience in task automation, Familiarity with LLMs, Ability to integrate LLMs into software applications, Knowledge of web application security concepts

📃 Skills: Python, LLMs, MachineLearning, Pydantic, OWASP, BurpSuite, OWASPZAP, Nessus, Nmap, KaliLinux, Linux

🏢 Description:

About our Team

Samsung Electronics is deeply committed to ensuring the security of both its final products and internal applications. To verify the robustness of our security measures, we employ a range of testing methodologies, including black-box and white-box testing. As part of our ongoing efforts to enhance security, we conduct regular penetration testing on internal web applications and services. We are currently seeking a skilled Python developer to help improve existing tools and develop new internal solutions for penetration testing. In particular, we are looking for engineers who can leverage their expertise in web application security and AI, combined with programming skills, to build cutting-edge AI-driven tools for web vulnerability discovery.

Role and Responsibilities

  • Developing robust, automated tools for precise detection of security vulnerabilities in modern web applications.
  • Designing cutting-edge, AI-powered solutions that leverage the latest advances in machine learning and automated reasoning.
  • Deploying these state-of-the-art systems to identify vulnerabilities at scale, enabling continuous, large-scale security assessments across diverse web platforms.

Skills and Qualifications

  • 3+ years of experience in Python programming language.
  • Skilled in task automation.
  • Elementary familiarity with LLMs combined with competence in developing code-level integrations of LLMs into software applications.

Nice to have

  • Proficiency with Python frameworks for building AI agents (e.g., Pydantic).
  • Expertise with LLMs and prompt engineering.
  • Some understanding of common vulnerability mechanisms from the OWASP Top 10.
  • Familiarity with security testing tools, including Burp Suite, OWASP ZAP, Nessus, Nmap, Kali Linux.
  • Knowledge of operating system internals, particularly the Linux kernel.

We offer

Team:

  • Contract of employment – direct outsource
  • Friendly working atmosphere
  • Wide range of trainings and a huge support in developing algorithmic skills
  • Opportunity to work in multiple projects
  • Working with the latest technologies on the market
  • Possibility to attend local and foreign conferences
  • Start of work between 7 a.m. and 10 a.m.

Equipment:

  • PC workstation + 2 external monitors
  • OS: Linux, Windows

Benefits:

  • Private medical care (possibility to add family members for free)
  • Multisport card
  • Life insurance
  • Lunch card
  • A partial reimbursement of the cost of an English language course
  • Variety of discounts (Samsung products, theaters, restaurants)
  • Unlimited free access to Copernicus Science Center for you and your friends
  • Possibility to test new Samsung products
  • Monthly integration budget

Location:

  • Office in Warsaw Spire near metro station
  • Hybrid model (3 days from the office per week)