This role involves providing expertise in Penetration Testing to support broader Cyber Security efforts. The successful candidate will work as part of a global or regional Cybersecurity team, offering guidance, oversight and assurance on security processes, controls, standards and regulatory requirements.

• Lead and manage penetration tests for various technologies
• Conduct technical security assessments of mobile apps, infrastructure, networks, web services and APIs, including manual penetration testing and code review
• Document root causes and risk analysis clearly and professionally
• Follow security testing processes and suggest improvements to the manager
• Collaborate with DevOps teams
• Apply testing methods to business functions and relevant risks
• Create basic proof-of-concept exploits for vulnerabilities when needed
• Guide penetration tests and results to ensure the bank stays within acceptable risk levels

A successful candidate will ensure the security of the company's applications by identifying vulnerabilities, suggesting controls, guiding risk reduction and working directly with engineering, management teams, business owners and global tech groups.

• At least 5 years of hands-on experience in penetration testing
• Strong understanding of security models for iOS and Android platforms
• Excellent knowledge of platform-specific security risks, common vulnerabilities in mobile applications, and risks in financial applications
• Practical experience in penetration testing of infrastructure, web, and mobile technologies using both manual and automated methods
• Excellent knowledge of TCP/IP and related security issues
• Strong understanding of cryptography in application development

• Strong understanding of mobile app technologies and protocols (HTML, XML, JavaScript, JSON, REST, Micro-services)
• Knowledge of software development lifecycles, especially DevOps
• Skilled in security code reviews for Java, Objective C, Swift and Kotlin
• Familiarity with mobile security testing frameworks like OWASP MASVS and MSTG
• Hands-on experience with SAST, DAST and IAST tools
• Knowledge of security mechanisms like SSL, pinning, biometric authentication, JWT, SAML, RASP, and Oauth2

• Prestigious position at one of the world's largest banks
• Remote work (Poland based) and flexible working hours
• Personal growth and development
• Private healthcare coverage and multisport card
• Referral program and company events