Security Pen tester

If you are looking for a meaningful career where people work and act with passion, rethink the existing and always strive to find the best solution - you have come to the right place. We develop future technologies to relentlessly make supply chains better. We are a leader in supply chain software solutions, helping organizations streamline operations, reduce costs, and improve efficiency. Job Summary: We are building a dedicated RED Team to strengthen the security of our SaaS platform. As a Penetration Tester, you will conduct internal offensive security assessments across our web applications, APIs, cloud environments, and emerging AI/LLM-based features. You will identify, exploit, and document vulnerabilities to help the organization stay ahead of modern adversaries. This is a hands-on technical role for someone who enjoys breaking things ethically, understanding how they work under the hood, and working closely with engineering and security teams to drive remediation. What a day in the life looks like: Conduct in-depth penetration tests on web applications, APIs, microservices, and internal SaaS components. Perform manual vulnerability discovery and exploitation following OWASP methodologies. Simulate adversarial attack scenarios and participate in RED Team exercises. Conduct cloud-focused penetration tests and configuration reviews (AWS, OCI and Azure). Test LLM/AI features for prompt injection, jailbreaking, data leakage, model manipulation, and other emerging threats. Develop custom proof-of-concept exploits where applicable. Work closely with engineering and product teams to provide clear remediation guidance. Security Automation & Tools Use and customize security testing tools (Burp Suite, ZAP, Nmap, SQLMap, etc.). Develop scripts or small tools for automation or exploitation (Python, Bash, PowerShell, etc.). Effectively use AI tools (Microsoft Copilot, Claude etc.) to accelerate testing, generate payloads, summarize findings, and produce documentation. Documentation & Reporting Create clear, detailed technical reports with reproduction steps and exploit evidence. Present findings to technical and leadership teams. Contribute to threat models and risk assessments. What you bring to the team: 4+ years of hands-on experience in cybersecurity, with a focus on penetration testing. Strong understanding of OWASP Top 10 and practical experience exploiting them in real-world applications. Experience testing REST and GraphQL APIs. Solid understanding of web technologies (HTML, JavaScript, SQL, authentication mechanisms, etc.). Proven experience performing manual exploitation (not just tool-based scanning). Experience testing cloud-hosted applications and infrastructure (AWS, OCI and Azure). Knowledge of modern authentication (OAuth, JWT, SSO, SAML). AI/LLM Security (Preferred, Not Mandatory) Experience testing AI/LLM-powered features. Knowledge of prompt injection, jailbreaks, RAG attacks, model extraction, data leakage vectors. Tools & Methodologies Proficiency with:Burp Suite Pro Nmap Nikto SQLMap Postman/Insomnia Metasploit SAST/DAST tools (optional) Ability to leverage AI/Copilot tools in daily workflow (payload generation, code review, exploit crafting). Soft Skills Strong analytical and problem‑solving skills. Ability to work independently and in a fast-paced RED Team environment. Excellent written and verbal communication skills. Curiosity-driven mindset with a passion for offensive security. Preferred Certifications (Nice to Have) CEH, OSCP, OSWE, Burp Suite Practitioner, eWPT, eCPPT Cloud certifications (Azure AZ‑500, AWS Security Specialty) Why join us? At Infios, we're not just looking for employees; we're looking for partners in innovation, growth, and purpose. Meeting you where you are to create the future you need is at the core of who we are and what we do. Whether you're at the beginning of your career or a seasoned expert, we meet you on your journey, equipping you with the tools and opportunities to build the future you envision. Together, we will relentlessly work toward one common goal - making supply chains better. We believe the future is better when supply chains work better. We are an equal-opportunity employer and committed to inclusion in the workplace. At Infios, we believe that inclusion is a fundamental cornerstone of our success. We are committed to creating a safe and welcoming environment where every individual’s unique experiences and perspectives are valued—whether they look, think, move, believe, or love differently. All qualified applicants will receive consideration for employment without regard to race, color, ethnicity, national origin, sex, sexual orientation, gender identity, marital status, pregnancy, religion, age, disability, veteran status, genetic information, or any other characteristic protected by law. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this role. If you require assistance or accommodation due to a disability during the recruiting process, please let us know at [email protected] Disclaimer: This job advertisement is not designed to cover a comprehensive listing of all duties or responsibilities that are required for this job. Please note that any salary information is a general guideline only. Individual compensation will be determined by various factors such as the scope and responsibilities of the position, experience, education, skills, location, and market and business considerations. Applications must be submitted via our career site. Apply To This Job