Penetration Tester / AppSec Engineer

The Penetration Tester / Application Security (AppSec) specialist at Sphynx is responsible for identifying and addressing security vulnerabilities within applications and systems, as well as perform penetration tests for our clients. This role involves performing penetration tests, security assessments, and providing actionable recommendations to enhance the overall security posture.

Responsibilities

• Conduct penetration testing on web, mobile, and network applications to identify security risks.
• Perform static and dynamic application security testing and code reviews.
• Identify and report security vulnerabilities, providing detailed risk analysis and remediation guidance.
• Collaborate with development teams to integrate secure coding practices and improve the security lifecycle.
• Develop and maintain security testing tools and documentation.
• Stay current with emerging security threats, vulnerabilities, and mitigation techniques.
• Assist in designing and implementing application security policies and standards.

• Bachelor's degree in Computer Science, Cybersecurity, or related field.
• At least 2 years of professional experience in penetration testing and application security assessments.
• Strong knowledge of web application security, OWASP Top 10, and common vulnerabilities.
• Experience with penetration testing tools such as Burp Suite, Metasploit, Nessus, or similar.
• Proficiency in scripting and programming languages (e.g., Python, JavaScript).
• Understanding of secure software development lifecycle (SDLC).
• Excellent analytical, problem-solving, and communication skills.
• Relevant certifications such as OSCP, CEH, or GIAC (GWAPT) are highly desirable.

• Competitive remuneration package adjusted to proven skills and experience;
• Excellent working conditions;
• Exposure to training and professional development capabilities, including the ability to engage in cutting-edge research;
• Exposure to international clients and collaborators.