Senior Penetration Tester

BrainRocket
Warsaw, 3w ago
Seniority
Senior

About the role

BrainRocket is a global company creating end-to-end tech products for clients across Fintech, iGaming, and Marketing. Young, ambitious, and unstoppable, we've already taken Cyprus, Malta, Portugal, Poland, and Serbia by storm. Our BRO team consists of 1,300 bright minds creating innovative ideas and products. We don’t follow formats. We shape them. We build what works, launch it fast, and make sure it hits.

We invite a Senior Penetration Tester to join our team. It's an office-based role – no remote or hybrid options.

Responsibilities:

  • Lead end-to-end penetration testing engagements across web applications, APIs, mobile, internal and external networks and cloud (primarily AWS).
  • Run red-team and assumed-breach operations - initial access, privilege escalation, lateral movement, persistence, exfiltration - including against fraud and detection stacks.
  • Perform security reviews of cloud-native services, Kubernetes workloads, CI/CD pipelines, and microservices.
  • Discover and exploit vulnerabilities across real-money flows - payments, deposits and withdrawals, wallets, KYC / AML, bonus systems, and affiliate tracking.
  • Partner with product, engineering, AppSec, payments, and fraud teams to translate findings into concrete fixes and durable controls.
  • Develop custom tooling, scripts, and methodology where no out-of-the-box approach exists.
  • Build and validate declarative threat models and contribute to "secure by design" practice.
  • Mentor mid and junior testers, review their engagement plans and reports.
  • Track new CVEs, TTPs, MITRE ATT&CK updates, and regulator advisories - translate them into concrete changes here.
  • Support pre-sales scoping, effort estimation, and pre-certification engagements for new products and jurisdictions.
  • Serve as a trusted offensive-security advisor to product, engineering, and compliance teams.

Requirements:

  • Minimum 4 years of hands-on penetration testing or offensive-security experience.
  • Proven track record across at least three of: web / API, internal, external network, cloud (AWS / GCP), mobile (iOS / Android).
  • OSCP or an equivalent in-the-box certification.
  • Strong working knowledge of SAST/SCA/DAST tooling, AWS/GCP, MITRE ATT&CK, OWASP ASVS / WSTG, PTES.
  • Understanding of data flow and the MVC model.
  • Understanding of supply chain attacks.
  • Good reporting skills.
  • Comfortable scripting in Python plus Bash.
  • Knowledge of at least one major cloud provider's IAM model.
  • Experience pentesting cloud-native systems and Kubernetes environments, plus the CI/CD pipelines around them (GitLab, GitHub Actions, Jenkins) and IaC (Terraform, Helm, CloudFormation).
  • Strong written and verbal communication in English.
  • Experience balancing security and business demands under release pressure.
  • Familiarity with industry regulations, frameworks, and practices: PCI DSS, ISO 27001, NIST, GDPR.

Preferred qualifications:

  • One of the offensive-security certifications: OSWE, OSEP, OSED, CRTO, BSCP, ARTE, GRTE.
  • In-depth experience architecting secure services on Kubernetes and AWS.
  • Prior iGaming, fintech, or payments domain experience.
  • Public CVEs, advisories, write-ups, conference talks.
  • HTB Pro Lab completions, real CTF placements.
  • Open-source contributions to offensive or defensive tooling.

We offer excellent benefits, including but not limited to:

  • 🚀 Career growth opportunities in an international and dynamic environment;
  • 📚 Opportunity to develop language skills with partial compensation for language courses;
  • 🎁 Special gifts for birthdays, weddings, and newborns;
  • 🏝️ 20 working days of paid annual vacation, plus 6 paid sick leave days;
  • 🍲 Office snacks and refreshments;
  • 🏋️‍♂️ Sports package to support a healthy lifestyle;
  • 🩺 Comprehensive medical insurance for you and your partner;
  • 📍 Comfortable office with great facilities in a prime location;
  • 🎉 Exciting corporate events, team-building activities, and international company parties.

Bold moves start here. Make yours. Apply today!

By submitting your application, you agree to our Privacy Policy (https://www.brainrocket.com/privacy-policy).

Perks & benefits

  • Medical Insurance
