New offer - be the first one to apply!

July 16, 2026

API Pentester

Senior • Remote

170 - 180 PLN

Wroclaw, Poland

Join the Offensive Security team and lead penetration testing engagements for clients across financial services, technology, healthcare, government, and critical infrastructure sectors.

This is a hands-on role for an experienced security professional who wants to remain highly technical while taking ownership of project delivery, client relationships, and mentoring junior consultants.

Key Responsibilities

  • Lead and perform penetration tests across web applications, APIs, internal/external networks, mobile applications, cloud environments, and Active Directory
  • Conduct advanced Active Directory security assessments and infrastructure testing
  • Develop custom scripts, tooling, and proof-of-concept exploits
  • Manage engagements from scoping to reporting and remediation validation
  • Present findings to technical and business stakeholders
  • Support proposal development, effort estimation, and pre-sales activities
  • Mentor junior team members and contribute to internal methodologies and best practices

Required Experience

  • 5+ years of hands-on penetration testing or offensive security experience, ideally within a consulting environment
  • Strong expertise in at least three of the following: web, network, mobile, or Active Directory security testing
  • Experience with tools such as Burp Suite, Nmap, Metasploit, BloodHound, Impacket, Cobalt Strike (or similar), Nessus/OpenVAS, Frida, and MobSF
  • Scripting skills in Python, PowerShell, or Bash
  • Strong communication, reporting, and client-facing skills

Certifications

  • At least one of: OSCP, CREST CRT/CPSA, CRTP, or CRTO

Nice to Have

  • Big 4 or cybersecurity consultancy experience
  • Cloud security testing (AWS, Azure, GCP)
  • Kubernetes/container security knowledge
  • Security research, CVEs, conference talks, or CTF achievements

Offer

  • Multisport Card
  • Life insurance
  • Private healthcare
  • PowerYou platform

Similar jobs you might like

Technology

DataArt

Penetration Tester

Mid

Remote

Wroclaw, Poland

12,000 - 15,000 PLN

🏢 Summary: The offer is for a Middle Penetration Tester responsible for conducting network and application-level security assessments using automated and manual techniques. The role involves identifying and validating vulnerabilities, preparing detailed reports, collaborating with clients, and contributing to internal security tools and processes. The position focuses on strengthening security posture through structured testing methodologies and technical research. 🗂️ Requirements: Minimum 1 year of experience in vulnerability assessments and penetration testing, Minimum 3 years of experience in IT industry, Experience with Linux, Windows, Active Directory, JavaScript, .NET, SQL, Experience applying structured penetration testing methodologies, Understanding of web application vulnerabilities, Ability to document vulnerabilities and remediation steps, Experience with Burp Suite, Nessus, Metasploit, Nmap, sqlmap, Knowledge of programming or scripting for security tools development 📃 Skills: Burp, Nessus, Metasploit, Nmap, sqlmap, Linux, Windows, ActiveDirectory, JavaScript, .NET, SQL, Scripting 🏢 Description: Project overview A security-focused initiative aimed at performing vulnerability assessments and penetration tests for a variety of digital systems. The project supports continuous improvement of security practices and contributes to the development of internal tools and methodologies. The work includes research activities, process enhancement, and collaboration with technical teams to strengthen the overall security posture. Team You will join a security-oriented team that consists of penetration testers, security analysts, and engineers. The team collaborates closely, shares knowledge, and supports research and internal tool development. Position overview We are looking for a Middle Penetration Tester who will be involved in network and application-level security assessments. You will use automated tools and manual techniques to identify and verify security vulnerabilities. This role includes preparing assessment reports, interacting with clients to clarify scope and gather information, and contributing to the improvement of security processes and tools. Technology stack Burp Suite, Nessus, Metasploit, Nmap, sqlmap, Linux, Windows, Active Directory, JavaScript, .NET, SQL, scripting languages Responsibilities Conduct network and application-level security assessments Use automated tools and manual techniques to identify and validate vulnerabilities Prepare clear and comprehensive assessment reports with root cause details and remediation steps Communicate with clients to gather information, clarify scope, and discuss security controls Support internal security competence development through research, tool creation, and process improvement Collaborate with other team members across security and engineering domains Requirements One year of experience performing vulnerability assessments and penetration tests Three years of experience in the IT industry with familiarity across technologies such as Linux, Windows, Active Directory, JavaScript, .NET, SQL Experience applying structured methodology for vulnerability assessments and penetration tests Understanding of web application vulnerabilities Ability to describe and report vulnerabilities along with typical remediation activities Experience with open source and commercial security tools, including Burp Suite, Nessus, Metasploit, Nmap, and sqlmap Knowledge of programming or scripting for creating auxiliary security tools Ability to work effectively with customers and self-manage in challenging situations Nice to have Security certifications, including OSCP, CRTO, CPTS, eWPT, BSCP Strong programming experience in a modern language Experience with mobile application penetration testing Experience with reverse engineering and binary analysis Experience publishing technical content or speaking at industry events Familiarity with security standards, including PCI DSS and ISO 27000

Technology

BLUE energy Sp. z o.o.

Tester Penetracyjny Aplikacji Web

Mid

Hybrid

Poznan, Poland

10,000 - 14,000 PLN

🏢 Summary: Offer for a Web Application Penetration Tester responsible for conducting manual and automated security testing of web applications for external clients. The role focuses on identifying and exploiting vulnerabilities, preparing detailed security reports, and advising on remediation. It involves working with recognized security tools and methodologies to ensure high application security standards. 🗂️ Requirements: Experience in web application penetration testing, Knowledge of web security vulnerabilities (XSS, SQL Injection, CSRF, RCE), Ability to use penetration testing tools (Burp Suite, OWASP ZAP, Nmap, Metasploit), Ability to analyze application code for security flaws, Understanding of web application architecture, Knowledge of OWASP and PTES methodologies, Ability to prepare technical security reports, Relevant security certifications (e.g. CEH, OSCP, CISSP, GWAPT) 📃 Skills: BurpSuite, OWASPZAP, Nmap, Metasploit, XSS, SQLInjection, CSRF, RCE, JavaScript, PHP, Python, OWASP, PTES, CEH, OSCP, CISSP, GWAPT 🏢 Description: Jako firma konsultingowa specjalizująca się w bezpieczeństwie IT, poszukujemy Testera Penetracyjnego Aplikacji Web , który dołączy do naszego zespołu. Osoba na tym stanowisku będzie odpowiedzialna za realizację testów penetracyjnych aplikacji webowych w ramach projektów dla naszych zewnętrznych klientów. Będziesz pracować nad identyfikowaniem luk w zabezpieczeniach aplikacji, wspierając naszych klientów w zapewnianiu najwyższego poziomu bezpieczeństwa ich systemów. Zakres obowiązków: Realizacja testów penetracyjnych aplikacji webowych dla różnych klientów, w tym identyfikowanie i eksploatowanie luk w zabezpieczeniach Audytowanie aplikacji pod kątem zagrożeń takich jak XSS, SQL Injection, CSRF, RCE i innych typowych wektorów ataków Przeprowadzanie testów manualnych oraz automatycznych przy użyciu narzędzi takich jak Burp Suite, OWASP ZAP, Metasploit, itp. Przygotowywanie szczegółowych raportów z przeprowadzonych testów, w tym rekomendacji dotyczących poprawy zabezpieczeń Współpraca z zespołami deweloperskimi klientów, doradztwo w zakresie implementacji poprawek bezpieczeństwa Udział w analizach ryzyka i opracowywanie zaleceń dla klientów w zakresie bezpieczeństwa aplikacji webowych Wymagania: Doświadczenie w przeprowadzaniu testów penetracyjnych aplikacji webowych, w tym znajomość narzędzi i metod wykorzystywanych w tej dziedzinie (Burp Suite, OWASP ZAP, Nmap, Metasploit, itp.) Doskonała znajomość zagrożeń związanych z bezpieczeństwem aplikacji webowych (XSS, SQL Injection, CSRF, RCE, itp.) Umiejętność analizowania kodu aplikacji i identyfikowania potencjalnych luk w zabezpieczeniach Dobre rozumienie architektury aplikacji webowych i technologii wykorzystywanych w aplikacjach (JavaScript, PHP, Python, itp.) Umiejętności raportowania i przedstawiania wyników testów w sposób zrozumiały dla osób nietechnicznych (np. menedżerowie projektów, klienci) Certyfikaty z zakresu bezpieczeństwa (np. CEH, OSCP, CISSP, GWAPT) będą dodatkowym atutem Praktyczna znajomość metodologii testowania oraz standardów bezpieczeństwa (np. OWASP, PTES) Umiejętność pracy w zespole, komunikatywność oraz umiejętność pracy z klientami Oferujemy: Pracę nad interesującymi projektami z zakresu bezpieczeństwa aplikacji webowych dla klientów z różnych branż Atrakcyjne wynagrodzenie oraz pakiet benefitów (m. in. Multisport, ubezpieczenie i pakiet medyczny) Możliwość rozwoju zawodowego i certyfikacji w zakresie bezpieczeństwa IT Współpracę z zespołem ekspertów oraz wsparcie w realizacji wyzwań technicznych Elastyczne godziny pracy oraz możliwość pracy zdalnej lub hybrydowej Jeśli jesteś pasjonatem bezpieczeństwa aplikacji webowych i chcesz dołączyć do naszego zespołu, zapraszamy do aplikowania!

Technology

TSS

Tester Bezpieczeństwa

Mid

Remote

Warsaw, Poland

80 - 95 PLN

🏢 Summary: Role focused on conducting comprehensive security testing of web applications, APIs, and IT infrastructure, including penetration testing and vulnerability assessments. The position involves identifying security risks, simulating real-world attacks, and providing remediation recommendations in close collaboration with development teams. It requires hands-on use of professional security tools and active participation in code reviews and technical consultations. 🗂️ Requirements: Minimum 3 years of commercial experience in security testing, Experience in penetration testing and vulnerability scanning, Practical experience in manual web application security testing, Experience in API security testing, Experience in network infrastructure security assessment, Proficiency with Burp Suite, OWASP ZAP, Wireshark, SQLMap, Ability to identify vulnerabilities and assess security risks, Experience collaborating with development teams and participating in code reviews, Fluent Polish, Working knowledge of English for technical documentation 📃 Skills: BurpSuite, OWASPZAP, Wireshark, SQLMap, PenetrationTesting, VulnerabilityScanning, WebSecurity, APITesting, Networking, Cybersecurity, OWASP, Cloud, Agile, Scrum 🏢 Description: W TSS napędzamy cyfrową rewolucję. Tworzymy zaawansowane systemy i innowacyjne rozwiązania z zakresu Software Development, FinTech, AI oraz Cybersecurity. Zakres odpowiedzialności: Testy bezpieczeństwa aplikacji webowych: Planowanie, przygotowywanie i realizacja manualnych testów bezpieczeństwa aplikacji webowych, identyfikacja podatności oraz analiza ryzyk bezpieczeństwa. Testowanie API: Przeprowadzanie testów bezpieczeństwa interfejsów API, weryfikacja mechanizmów uwierzytelniania, autoryzacji oraz odporności na najczęściej występujące zagrożenia. Testy infrastruktury sieciowej: Ocena bezpieczeństwa infrastruktury IT, usług sieciowych oraz konfiguracji systemów pod kątem potencjalnych podatności. Testy penetracyjne: Realizacja testów penetracyjnych systemów i aplikacji, symulowanie rzeczywistych scenariuszy ataków oraz analiza skuteczności wdrożonych zabezpieczeń. Skanowanie podatności: Wykorzystywanie specjalistycznych narzędzi do wykrywania luk bezpieczeństwa, analiza wyników oraz przygotowywanie rekomendacji naprawczych. Wykorzystanie narzędzi bezpieczeństwa: Codzienna praca z narzędziami takimi jak Burp Suite, OWASP ZAP, Wireshark, SQLMap oraz innymi rozwiązaniami wspierającymi proces testów bezpieczeństwa. Współpraca z zespołem deweloperskim: Aktywna współpraca z programistami, architektami i analitykami w zakresie identyfikacji oraz eliminacji zagrożeń bezpieczeństwa, udział w code review i konsultacjach technicznych. Raportowanie i rekomendacje: Przygotowywanie raportów z przeprowadzonych testów, dokumentowanie wykrytych podatności oraz rekomendowanie działań naprawczych i usprawnień. Wymagania: Doświadczenie komercyjne: Minimum 3 lata doświadczenia w obszarze testów bezpieczeństwa obejmujących testy penetracyjne, skanowanie podatności oraz symulacje ataków. Testy bezpieczeństwa aplikacji: Praktyczne doświadczenie w manualnym testowaniu bezpieczeństwa aplikacji webowych, API oraz infrastruktury sieciowej. Narzędzia bezpieczeństwa: Bardzo dobra znajomość narzędzi takich jak Burp Suite , OWASP ZAP, Wireshark, SQLMap oraz innych rozwiązań wykorzystywanych w testach bezpieczeństwa. Znajomość zagadnień cyberbezpieczeństwa: Umiejętność identyfikowania podatności, analizowania ryzyk bezpieczeństwa oraz proponowania skutecznych działań naprawczych. Komunikacja i współpraca: Wysoko rozwinięte umiejętności komunikacyjne oraz doświadczenie we współpracy z zespołami deweloperskimi, w tym udział w code review i konsultacjach technicznych. Znajomość języków: Biegłe posługiwanie się językiem polskim w mowie i piśmie oraz znajomość języka angielskiego umożliwiająca efektywną pracę z dokumentacją techniczną. Dodatkowym atutem będzie: Znajomość standardów i metodyk bezpieczeństwa, w szczególności OWASP Top 10. Doświadczenie w testowaniu środowisk chmurowych oraz nowoczesnych architektur aplikacyjnych. Posiadanie certyfikatów branżowych związanych z bezpieczeństwem, np. eJPT, PNPT, OSCP, CEH lub pokrewnych. Doświadczenie w pracy w środowiskach Agile/Scrum. Otwartość na dzielenie się wiedzą oraz aktywne wspieranie rozwoju zespołu. Co zyskujesz, dołączając do teamu? Stabilność i elastyczność: Długofalową współpracę w oparciu o kontrakt B2B. Realny wpływ: Pracę nad kluczowymi projektami, gdzie Twoje rekomendacje i działania realnie wpływają na poziom bezpieczeństwa tworzonych rozwiązań. Zdrowie pod kontrolą: Dofinansowanie do prywatnej opieki medycznej w PZU. Stały rozwój: Dostęp do wewnętrznych, specjalistycznych szkoleń z zakresu m.in . cyberbezpieczeństwa. Środowisko entuzjastów: Pracę w zespole, gdzie pasja łączy się z profesjonalizmem, a dobra atmosfera to standard, nie benefit.

Technology

emagine Polska

Penetration Tester (m/w/d)

Senior

Remote

Berlin, BE, Germany

🏢 Summary: Experienced Penetration Tester responsible for planning, executing, and reporting comprehensive penetration tests across network, web, wireless, Active Directory, and physical environments for a public sector IT project. The role includes identifying vulnerabilities, performing realistic attack simulations, assessing compliance, and deriving concrete security improvements. Engagement is long-term and primarily remote within Germany. 🗂️ Requirements: Degree in ComputerScience or completed technical IT training, Minimum 3 years experience in ITSecurity, At least 2 years hands-on PenetrationTesting or RedTeam, Experience in minimum 2 large-scale projects over 250 users, Proven experience in WebApp Pentests Network Pentests or Cloud Pentests, Ability to develop own exploits or PoCs, Knowledge of compliance standards DSGVO BSI NIS, Fluent German language skills 📃 Skills: PenetrationTesting, RedTeam, NetworkSecurity, WLAN, WebSecurity, ActiveDirectory, Python, PowerShell, BurpSuite, Nmap, Metasploit, CobaltStrike, Nessus, OpenVAS, sqlmap, OSCP, GPEN, CEH, eJPT, CREST, CISSP, CISM, Jira, Confluence, SharePoint 🏢 Description: Für das Projekt wird ein erfahrener Penetration Tester (m/w/d) gesucht, der umfassende Penetration Tests plant, vorbereitet, durchführt und nachbereitet. Die Rolle umfasst sowohl technische Sicherheitsanalysen als auch die Ableitung konkreter Maßnahmen zur Erhöhung der IT-Sicherheit. Der Einsatz findet im Umfeld eines großen öffentlichen IT-Dienstleisters statt. Deine Aufgaben: Vor- und Nachbereitung sowie Durchführung abgestimmter Penetration Tests, u. a.: Network Penetration Testing WLAN Penetration Testing Web Application Penetration Testing Active Directory Penetration Testing Physical Penetration Testing Ermittlung bekannter und unbekannter Sicherheitslücken in IT-Systemen und Anwendungen Analyse der Sicherheitslage der IT-Infrastruktur sowie Prüfung der Compliance-Vorgaben (z. B. DSGVO, BSI-Grundschutz, NIS-Richtlinie) Durchführung realitätsnaher Angriffssimulationen zur Risikobewertung Ableitung von Maßnahmen zur Verbesserung der IT-Sicherheit und Präsentation der Ergebnisse Sicherstellung, dass alle Aktivitäten transparent, nachvollziehbar und rechtskonform erfolgen Dein Profil: Abgeschlossenes Informatik-Studium oder eine anerkannte technische Berufsausbildung (z. B. Fachinformatiker) Mindestens 3 Jahre praktische Erfahrung im Bereich IT-Sicherheit, davon mindestens 2 Jahre in Penetration Tests bzw. Red-Team-Übungen Beteiligung an mindestens 2 größeren Projekten (Unternehmen / Behörde mit >250 Mitarbeitenden), z. B. Web-App-Pentests, Netzwerk-Pentests, Cloud-Pentests Gute Deutschkenntnisse in Wort und Schrift Zuschlagskriterien: Umfangreiche Erfahrung in Pen-Tests / Red-Team Mehrere Referenzprojekte Zertifizierungen wie OSCP, GPEN, CEH, eJPT, CREST, CISSP/CISM Erfahrung mit Werkzeugen wie Burp Suite, Nmap, Metasploit, Cobalt Strike, Nessus/OpenVAS, sqlmap, etc. Fähig, eigene Exploits / PoCs zu entwickeln (Python, PowerShell) Erfahrung mit Jira, Confluence, SharePoint Andere Details: Zeitraum: Rahmenvereinbarung bis 2030 Arbeitsort: Remote/Deutschland Bei Interesse freue ich mich auf Deine Bewerbungsunterlagen , Verfügbarkeit und Stundensätze an tamara.petrovic.turkovic@emagine.de

Technology

emagine Polska

Penetration Tester (m/w/d)

Senior

Remote

Berlin, Germany

🏢 Summary: Experienced Penetration Tester responsible for planning, executing, and reporting comprehensive penetration tests across network, web, wireless, Active Directory, and physical environments. The role includes realistic attack simulations, compliance assessments, and deriving concrete security improvement measures within a large public IT environment. Engagement is long-term and primarily remote within Germany. 🗂️ Requirements: Completed degree in Computer Science or recognized technical IT training, Minimum 3 years experience in IT security, At least 2 years hands-on experience in penetration testing or red teaming, Experience in at least 2 large-scale projects (>250 users), Proven experience in web, network or cloud penetration testing, Ability to conduct independent security assessments and exploit development, Good German language skills (written and spoken) 📃 Skills: PenetrationTesting, RedTeaming, NetworkSecurity, WebSecurity, WLAN, ActiveDirectory, CloudSecurity, BurpSuite, Nmap, Metasploit, CobaltStrike, Nessus, OpenVAS, sqlmap, Python, PowerShell, Jira, Confluence, SharePoint, OSCP, GPEN, CEH, eJPT, CREST, CISSP, CISM 🏢 Description: Für das Projekt wird ein erfahrener Penetration Tester (m/w/d) gesucht, der umfassende Penetration Tests plant, vorbereitet, durchführt und nachbereitet. Die Rolle umfasst sowohl technische Sicherheitsanalysen als auch die Ableitung konkreter Maßnahmen zur Erhöhung der IT-Sicherheit. Der Einsatz findet im Umfeld eines großen öffentlichen IT-Dienstleisters statt. Deine Aufgaben: Vor- und Nachbereitung sowie Durchführung abgestimmter Penetration Tests, u. a.: Network Penetration Testing WLAN Penetration Testing Web Application Penetration Testing Active Directory Penetration Testing Physical Penetration Testing Ermittlung bekannter und unbekannter Sicherheitslücken in IT-Systemen und Anwendungen Analyse der Sicherheitslage der IT-Infrastruktur sowie Prüfung der Compliance-Vorgaben (z. B. DSGVO, BSI-Grundschutz, NIS-Richtlinie) Durchführung realitätsnaher Angriffssimulationen zur Risikobewertung Ableitung von Maßnahmen zur Verbesserung der IT-Sicherheit und Präsentation der Ergebnisse Sicherstellung, dass alle Aktivitäten transparent, nachvollziehbar und rechtskonform erfolgen Dein Profil: Abgeschlossenes Informatik-Studium oder eine anerkannte technische Berufsausbildung (z. B. Fachinformatiker) Mindestens 3 Jahre praktische Erfahrung im Bereich IT-Sicherheit, davon mindestens 2 Jahre in Penetration Tests bzw. Red-Team-Übungen Beteiligung an mindestens 2 größeren Projekten (Unternehmen / Behörde mit >250 Mitarbeitenden), z. B. Web-App-Pentests, Netzwerk-Pentests, Cloud-Pentests Gute Deutschkenntnisse in Wort und Schrift Zuschlagskriterien: Umfangreiche Erfahrung in Pen-Tests / Red-Team Mehrere Referenzprojekte Zertifizierungen wie OSCP, GPEN, CEH, eJPT, CREST, CISSP/CISM Erfahrung mit Werkzeugen wie Burp Suite, Nmap, Metasploit, Cobalt Strike, Nessus/OpenVAS, sqlmap, etc. Fähig, eigene Exploits / PoCs zu entwickeln (Python, PowerShell) Erfahrung mit Jira, Confluence, SharePoint Andere Details: Zeitraum: Rahmenvereinbarung bis 2030 Arbeitsort: Remote/Deutschland Bei Interesse freue ich mich auf Deine Bewerbungsunterlagen , Verfügbarkeit und Stundensätze an tamara.petrovic.turkovic@emagine.de

Technology

Jit Team

Penetration Testing

Senior

Hybrid

Krakow, Poland

1,100 - 1,360 PLN

🏢 Summary: Security Researcher role focused on penetration testing across hardware, software, cloud, mobile, and OT environments within a product security team. The position involves vulnerability research, exploitation, security assessments, and collaboration with engineering teams to ensure secure product development. Candidates will work with advanced security tools, conduct technical research, and prepare detailed security documentation. 🗂️ Requirements: Strong understanding of TCP/IP networking, Knowledge of application protocols, Knowledge of software exploitation techniques, Experience with common vulnerabilities, Hands-on experience with port scanning, Hands-on experience with fuzzing, Experience with vulnerability assessment tools, Knowledge of web technologies, Knowledge of web security risks, Familiarity with OWASP Top 10, Familiarity with SANS Top 25, Experience with mobile application security, Experience with APIs, Proficiency in Python or another scripting language, Knowledge of cryptographic protocols, Knowledge of security protocols, Experience with Metasploit, Experience writing custom exploits, Strong English communication skills 📃 Skills: TCP/IP, OWASP, SANS, Python, Metasploit, Fuzzing, APIs, Cryptography, Portscanning, Exploitation, Networking, Bluetooth, NFC, UART, JTAG, I2C, Firmware, Reverseengineering 🏢 Description: Project We are looking for a skilled Security Researcher to join a Cybersecurity Assurance Center, part of a product security team responsible for penetration testing across a wide range of products . In this role, you will work on cutting-edge cybersecurity challenges , ensuring that products are secure before they reach the market. Key Responsibilities Perform penetration testing across hardware, software, cloud, mobile and OT environments Identify, analyze and exploit vulnerabilities to prevent security issues before release Collaborate closely with engineering teams to support a security-by-design approach Use and develop advanced security tools, including custom cryptographic and reverse engineering solutions Conduct research on emerging technologies, protocols and potential attack vectors Prepare detailed technical reports and documentation Participate in knowledge-sharing sessions and technical discussions Required Skills & Experience Strong understanding of TCP/IP networking and application protocols Solid knowledge of software exploitation techniques and common vulnerabilities Hands-on experience with port scanning, fuzzing, and vulnerability assessment tools Knowledge of web technologies and related security risks Familiarity with OWASP Top 10 and SANS Top 25 Experience with mobile application security and APIs Proficiency in at least one scripting language (e.g. Python ) Good knowledge of cryptographic and security protocols Experience using tools like Metasploit and writing custom exploits Strong English communication skills (written and spoken) Nice to Have Experience with reverse engineering and binary analysis Knowledge of hardware exploitation (UART, JTAG, I2C, firmware extraction) Understanding of wireless technologies (RF, Bluetooth, NFC) Responsibilities Perform penetration testing on various systems, including hardware, software, cloud, mobile, and OT environmentsIdentify, analyze, and exploit vulnerabilities to improve product security before release Collaborate with engineering teams to support secure development practices Conduct vulnerability assessments, fuzz testing, and port scanning Research new technologies, communication protocols, and associated security risks Prepare detailed technical reports and internal documentation Participate in knowledge-sharing and technical discussions Use and develop advanced security tools, including custom-built solutions Client – why choose this particular client from the Jit portfolio? Our Client is an established global technology leader driving the digital transformation and innovation required to accelerate the transition toward a carbon-neutral future . Serving customers across the utility, industry, and infrastructure sectors, they provide cutting-edge solutions and services across the entire energy value chain. The organization is actively evolving the worlds energy systems to make them more sustainable, flexible, and secure, while precisely balancing social, environmental, and economic value. With a proven track record and an unparalleled installed technological base spanning well over 100 countries, the company operates on a massive global scale.

Technology

Link Group

Global Penetration Testing Manager

Senior

Hybrid

Kraków, Poland

🏢 Summary: Senior cybersecurity leadership role focused on managing global penetration testing operations within a banking environment, including governance, compliance, strategy, and stakeholder management. The position oversees regional execution, risk-based planning, vendor management, and executive reporting while ensuring regulatory alignment. Candidates are expected to combine deep penetration testing expertise with leadership experience in multinational organizations. 🗂️ Requirements: 8–10 years of experience in penetration testing service delivery or coordination, Experience managing technical service delivery and cross-border teams, Ability to present security topics to C-suite executives and regulatory bodies, Fluent English, Deep knowledge of penetration testing and cybersecurity, Experience with international process implementation, Experience with risk-based decision-making, Bachelor’s degree in Computer Science, Cybersecurity, or equivalent experience, At least one certification: OSCP, At least one certification: OSCE, At least one certification: CREST-CRT, At least one certification: CREST CCT, At least one certification: CISSP, At least one certification: CISM, At least one certification: GIAC GPEN 📃 Skills: Pentesting, Cybersecurity, OSCP, OSCE, CREST, CISSP, CISM, GIAC, GPEN, RedTeaming, PurpleTeaming, ThreatModeling, ExploitDevelopment, RiskAssessment, Compliance, KPIs, KRIs 🏢 Description: Global Service Lead – Pentest Coordination We are seeking a senior cybersecurity leader to take ownership of our global penetration testing operations. In this role, you will define the strategic direction, oversee regional execution, ensure regulatory compliance, and manage relationships with high-level stakeholders and C-suite executives across a global banking environment. Key Responsibilities Global Governance & Compliance: Safeguard the quality and compliance of global penetration testing services. Ensure all activities align with bank internal policies and global regulatory requirements, collaborating closely with regional leads in AMER, APAC, and EMEA. Team Leadership & Strategy: Directly manage the EMEA Pentest Coordination Team Lead. Provide strategic guidance to ensure flawless execution, technical review accuracy, and timely delivery across the EMEA region. Strategic Planning (Book of Work): Lead the creation, formalization, and stakeholder validation of the annual global pentest Book of Work. Risk-Based Prioritization: Align testing schedules and priorities with threat modeling and risk-based assessment methodologies. Vendor & Budget Management: Consolidate and oversee the global pentest budget, ensuring cost-effectiveness. Conduct regular performance reviews of both internal and external testing providers to drive continuous service improvement. Metrics, KPIs & Audit Readiness: Maintain data integrity within reporting platforms. Define and track KPIs/KRIs, deliver regular executive reporting, and support both internal and external regulatory audits. Requirements Leadership & Experience: 8–10 years of experience in a similar penetration testing service delivery or coordination role. Proven track record of managing technical service delivery and cross-border teams within large, multinational organizations . Strong executive presence with the ability to facilitate steering committees and confidently present complex security topics to C-suite executives and regulatory bodies . Exceptional cross-cultural collaboration and communication skills, with complete fluency in English . Technical Expertise & Qualifications: Deep domain knowledge in penetration testing and broader cybersecurity practices. Solid experience in international process implementation and data-driven, risk-based decision-making. Education: Bachelor’s degree in Computer Science, Cybersecurity, or equivalent practical experience. Certifications (Must hold at least one): OSCP, OSCE, CREST-CRT, CREST CCT, CISSP, CISM, or GIAC GPEN. Nice to Have Professional experience within the banking or financial services sector (ideally a global investment bank). Prior experience serving as an advisor to a CISO or participating in risk-steering committees. Hands-on technical background in Red Teaming / Purple Teaming , advanced threat modeling, or exploit development.

Technology

Capgemini Polska

Senior Penetration Tester

Senior

Hybrid

Gdansk, Poland

🏢 Summary: The offer is for a Senior Penetration Tester responsible for leading end-to-end penetration testing across applications, infrastructure, and cloud environments while guiding small delivery teams. The role focuses on identifying vulnerabilities, producing high-quality risk reports, and translating technical findings into business risk insights. It combines hands-on security testing with leadership, mentoring, and stakeholder engagement responsibilities. 🗂️ Requirements: Recognized cybersecurity certification (OSCP, OSWE or equivalent), Minimum 6 years of hands-on penetration testing experience, Experience leading end-to-end penetration testing lifecycle, Ability to identify vulnerabilities through advanced testing and code or configuration reviews, Experience with application, cloud, and API security testing, Knowledge of secure development and DevSecOps practices, Experience mentoring junior testers and guiding small teams, Ability to produce client-ready security reports with risk prioritization 📃 Skills: PenetrationTesting, OSCP, OSWE, Cloud, APIs, DevSecOps, SecurityTesting, VulnerabilityAssessment, CodeReview, ConfigurationReview 🏢 Description: Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you’d like, where you’ll be supported and inspired by a collaborative community of colleagues around the world, and where you’ll be able to reimagine what’s possible. Join us and help the world’s leading organizations unlock the value of technology and build a more sustainable, more inclusive world. Your role Senior Penetration Tester plays a key role in securing complex client environments by leading high-impact security testing activities and guiding small delivery teams. Within projects, the role drives end-to-end penetration testing, supports scoping, ensures high-quality reporting, and provides actionable risk insights to stakeholders. At company level, it strengthens cybersecurity expertise, influences delivery standards, and builds trusted client relationships through consistent, high-quality security outcomes across applications, infrastructure, and cloud environments. Your tasks Leads and delivers end-to-end penetration testing lifecycle across applications, infrastructure, and cloud environments, from scoping to reporting Identifies vulnerabilities through advanced testing and code or configuration reviews Produces high-quality, client-ready reports with clear risk prioritization Facilitates scoping discussions and stakeholder alignment Mentors junior testers and ensures delivery quality and consistency Your profile Recognized cybersecurity certifications (e.g. OSCP, OSWE or equivalent) and extensive hands-on penetration testing experience (approx. 6+ years) Strong client-focused mindset with ability to translate security findings into business risk and support decision making Proven leadership skills, including mentoring, influencing stakeholders, and guiding small delivery teams Advanced analytical thinking, adaptability, and active listening in complex, international environments Hands-on experience with modern application, cloud, and API testing, secure development, and DevSecOps practices What You'll love about working here Practical benefits: private medical care with Medicover with additional packages (e.g., dental, senior care, oncology) available on preferential terms, life insurance and 40+ options on our NAIS benefit platform, including Netflix, Spotify or Sports card. Access to over 70 training tracks with certification opportunities (e.g., GenAI, Architects, Google) on our NEXT platform. Dive into a world of knowledge with free access to Education First languages platform, TED Talks and Udemy Business materials and trainings. Enjoy hybrid working model that fits your life - after completing onboarding, connect work from a modern office with ergonomic work from home, thanks to home office package (including laptop, monitor, and chair). Ask your recruiter about the details. Community Hub that will allow you to choose from over 20 professional communities that gather people interested in, among others: Salesforce, Java, Could, IoT, Agile, AI. Get to know us The Security officer and Security Service Manager manages the security as part of the CISO office of the client. The employee is facing off the security service delivery managers of the suppliers. ​ The security officer and Security service manager is also the escalation point for delivery and incidents.​ The security officer and Security service manager is in charge for the whole or a part off: security governance, security risks management, security awareness, supporting and driving security projects and security operations and security incident management. ​ The CISO manages the unit’s cybersecurity resources and budget. Capgemini is an AI-powered global business and technology transformation partner, delivering tangible business value. We imagine the future of organizations and make it real with AI, technology and people. With our strong heritage of nearly 60 years, we are a responsible and diverse group of 420,000 team members in more than 50 countries. We deliver end-to-end services and solutions with our deep industry expertise and strong partner ecosystem, leveraging our capabilities across strategy, technology, design, engineering and business operations. The Group reported 2024 global revenues of €22.1 billion. Make it real | www.capgemini.com

Technology

B-SoftPlats

Senior Java/Kotlin Engineer

Senior

Remote

🏢 Summary: Hands-on Lead Integration Engineer role combining technical leadership with architecture and development of enterprise-grade integrations for a core banking platform. You will lead and mentor a team while designing scalable integrations, complex workflows, and secure distributed systems using modern backend and cloud technologies. The position focuses on building reliable connectors to financial systems and continuously improving integration architecture and practices. 🗂️ Requirements: 7+ years experience in integration or backend software engineering, 3+ years leadership or senior technical leadership experience, Advanced proficiency in Java or Kotlin, Deep experience with Quarkus framework, Hands-on expertise with Temporal for workflow orchestration, Strong experience with Apache Kafka, Strong knowledge of PostgreSQL and NoSQL databases, Expert experience with RESTful APIs and OpenAPI, Strong understanding of security principles (encryption, OAuth2, JWT, mTLS) 📃 Skills: Java, Kotlin, Quarkus, Temporal, Kafka, PostgreSQL, Elasticsearch, Redis, REST, OpenAPI, OAuth2, JWT, mTLS, Apache, Camel, AWS, GCP, Azure, Docker, Kubernetes, Argo, Terraform 🏢 Description: Job description About the Role We are seeking an experienced Lead Integration Engineer to manage and grow our integration engineering team while remaining hands-on with architecture and development. The ideal candidate will have extensive experience designing enterprise-grade integrations across financial systems, combined with proven team leadership skills. You will be responsible for managing engineers, mentoring the team, architecting our integration strategy, and actively contributing to the delivery of scalable solutions that power our core banking platform. This is a hands-on management role where you will both guide your team and directly contribute to critical integration work. Responsibilities Architect and oversee the design of high-quality, scalable, and reliable integrations using Java, Kotlin, Quarkus, and Temporal. Lead the development and management of connectors to third-party systems, including core banking platforms (e.g., Mambu, Saascada, Tuum), payment gateways, and financial service providers, using Apache Camel. Design and orchestrate complex business workflows using Temporal, establishing best practices and patterns. Lead and mentor a team of integration engineers, providing technical guidance and fostering continuous learning. Collaborate with cross-functional teams (product, engineering, operations) to define integration architecture, requirements, and deliver solutions. Establish and enforce security and integrity standards by implementing best practices for authentication, authorization, and data protection. Drive the continuous improvement of our integration platform, processes, and engineering practices. Lead troubleshooting and resolution of complex integration issues and architectural challenges. Evaluate and recommend new technologies and tools to enhance our integration capabilities. Required Skills and Experience 7+ years of professional experience as an Integration Engineer or Software Engineer, with significant focus on backend development. 3+ years of leadership or senior technical leadership experience, guiding teams and providing technical direction. Advanced proficiency in Java and/or Kotlin with deep experience with the Quarkus framework. Hands-on expertise with Temporal for workflow orchestration and complex distributed systems. Strong experience with messaging systems, particularly Apache Kafka. Deep understanding of relational databases, such as PostgreSQL, and NoSQL databases like Elasticsearch and Redis. Expert-level experience building and consuming RESTful APIs with a strong understanding of OpenAPI standards. Advanced understanding of security principles and best practices, including: Encryption: Data-at-rest and data-in-transit encryption mechanisms Authentication and Authorization: Standards like OAuth 2.0 and JWT mTLS: Mutual TLS for secure service communication Excellent problem-solving, architectural thinking, and debugging skills. Strong communication and leadership skills with the ability to influence across teams. Preferred Qualifications Extensive experience with Apache Camel for enterprise integration solutions. 5+ years of experience in the financial services or fintech industry. Deep experience with core banking platforms such as Mambu, SaasCada, or Tuum. Strong knowledge of cloud platforms (AWS, GCP, Azure) and containerization technologies (Docker, Kubernetes). Experience in architecting and managing CI/CD pipelines using tools like Argo Workflows. Proficiency with infrastructure-as-code tools like Terraform. Experience building and scaling integration platforms in fast-growing environments.

Technology

B-SoftPlats

Senior Java/Kotlin Engineer

Senior

Remote

🏢 Summary: Hands-on Lead Integration Engineer role combining team leadership with architecture and development of enterprise-grade integrations for a core banking platform. Responsible for designing scalable integration solutions, orchestrating complex workflows, and ensuring secure, reliable connectivity with financial systems. The position involves mentoring engineers while actively contributing to backend and integration development. 🗂️ Requirements: 7+ years backend or integration engineering experience, 3+ years technical leadership experience, Advanced proficiency in Java or Kotlin, Strong experience with Quarkus framework, Hands-on experience with Temporal workflow orchestration, Strong knowledge of Apache Kafka, Experience with relational and NoSQL databases, Expertise in RESTful APIs and OpenAPI, Knowledge of OAuth2 and JWT, Experience with encryption and mTLS 📃 Skills: Java, Kotlin, Quarkus, Temporal, Kafka, PostgreSQL, Elasticsearch, Redis, REST, OpenAPI, OAuth2, JWT, mTLS, Camel, AWS, GCP, Azure, Docker, Kubernetes, Argo, Terraform 🏢 Description: Job description About the Role We are seeking an experienced Lead Integration Engineer to manage and grow our integration engineering team while remaining hands-on with architecture and development. The ideal candidate will have extensive experience designing enterprise-grade integrations across financial systems, combined with proven team leadership skills. You will be responsible for managing engineers, mentoring the team, architecting our integration strategy, and actively contributing to the delivery of scalable solutions that power our core banking platform. This is a hands-on management role where you will both guide your team and directly contribute to critical integration work. Responsibilities Architect and oversee the design of high-quality, scalable, and reliable integrations using Java, Kotlin, Quarkus, and Temporal. Lead the development and management of connectors to third-party systems, including core banking platforms (e.g., Mambu, Saascada, Tuum), payment gateways, and financial service providers, using Apache Camel. Design and orchestrate complex business workflows using Temporal, establishing best practices and patterns. Lead and mentor a team of integration engineers, providing technical guidance and fostering continuous learning. Collaborate with cross-functional teams (product, engineering, operations) to define integration architecture, requirements, and deliver solutions. Establish and enforce security and integrity standards by implementing best practices for authentication, authorization, and data protection. Drive the continuous improvement of our integration platform, processes, and engineering practices. Lead troubleshooting and resolution of complex integration issues and architectural challenges. Evaluate and recommend new technologies and tools to enhance our integration capabilities. Required Skills and Experience 7+ years of professional experience as an Integration Engineer or Software Engineer, with significant focus on backend development. 3+ years of leadership or senior technical leadership experience, guiding teams and providing technical direction. Advanced proficiency in Java and/or Kotlin with deep experience with the Quarkus framework. Hands-on expertise with Temporal for workflow orchestration and complex distributed systems. Strong experience with messaging systems, particularly Apache Kafka. Deep understanding of relational databases, such as PostgreSQL, and NoSQL databases like Elasticsearch and Redis. Expert-level experience building and consuming RESTful APIs with a strong understanding of OpenAPI standards. Advanced understanding of security principles and best practices, including: Encryption: Data-at-rest and data-in-transit encryption mechanisms Authentication and Authorization: Standards like OAuth 2.0 and JWT mTLS: Mutual TLS for secure service communication Excellent problem-solving, architectural thinking, and debugging skills. Strong communication and leadership skills with the ability to influence across teams. Preferred Qualifications Extensive experience with Apache Camel for enterprise integration solutions. 5+ years of experience in the financial services or fintech industry. Deep experience with core banking platforms such as Mambu, SaasCada, or Tuum. Strong knowledge of cloud platforms (AWS, GCP, Azure) and containerization technologies (Docker, Kubernetes). Experience in architecting and managing CI/CD pipelines using tools like Argo Workflows. Proficiency with infrastructure-as-code tools like Terraform. Experience building and scaling integration platforms in fast-growing environments.