Khám phá việc làm Cloud & Infrastructure nổi bật.
Xem ngay

Lead Penetration Tester (Pentester)

ITviec Recruitment Consulting
+2
City, TP Hồ Chí Minh
City, Hà Nội
Linh hoạt
Đăng 1 giờ trước
Chuyên môn:
Lĩnh vực:
Ngân Hàng
Dịch Vụ và Tư Vấn IT
Dịch Vụ Tài Chính

3 Lý do để gia nhập công ty

  • Flexible working time
  • Latest Technology Updates
  • Competitive salary package

Mô tả công việc

ITviec's client is an AI-centric global digital transformation company. We design advanced data and AI transformation solutions, modernize technology architectures and develop next-generation core systems for industry leaders in Banking, Insurance, Manufacturing and Robotics. Partnering closely with our clients, we push boundaries to unlock their full potential.

As a Lead Penetration Tester, you will be responsible for leading and performing authorized security testing activities across applications, digital platforms, APIs, infrastructure, cloud environments, and related systems. This role is designed as a hands-on technical leadership position, with approximately 70% focus on penetration testing execution and 30% focus on leading, guiding, reviewing, and coordinating security testing activities. 

The role focuses on identifying security vulnerabilities, validating risks, supporting remediation, and ensuring that systems meet security, regulatory, and industry requirements. You will be expected to act as a senior technical expert, providing direction on testing approach, reviewing findings, mentoring team members, and ensuring high-quality penetration testing deliverables. 

You will work closely with security teams, application teams, infrastructure teams, DevOps, architects, business stakeholders, and compliance teams to plan and perform penetration testing across web, mobile, API, cloud, and network environments. The role requires strong hands-on technical security skills, practical experience in ethical hacking, and the ability to communicate security risks clearly to both technical and non-technical stakeholders. 

This role requires the candidate to work onsite at the client’s office based on project needs and client requirements. The onsite frequency, working schedule, location, and duration will be aligned with the client’s expectations and may vary depending on the project phase, testing activities, stakeholder meetings, security assessment timeline, and remediation support needs. 

 

Key Activities 

Hands-on Penetration Testing 

  • Perform authorized penetration testing for web applications, mobile applications, APIs, infrastructure, cloud environments, and digital platforms. 
  • Identify, validate, exploit where appropriate, and document security vulnerabilities, including authentication, authorization, session management, input validation, encryption, access control, and business logic issues. 
  • Conduct security assessments based on industry standards such as OWASP Top 10, OWASP API Security Top 10, OWASP Mobile Security Testing Guide, and relevant security practices. 
  • Analyze application flows, user journeys, transaction processes, access controls, and data handling mechanisms to identify potential security risks. 
  • Perform vulnerability assessment and manual verification to reduce false positives and confirm actual exploitability in authorized environments. 
  • Conduct retesting activities to validate remediation effectiveness and ensure vulnerabilities are properly resolved. 
  • Support security testing activities within the SDLC, including security requirement review, threat analysis, test planning, and release security validation. 
  • Stay updated with emerging cyber threats, attack techniques, security risks, and security testing best practices. 

Technical Leadership & Delivery Support 

  • Lead the planning, scoping, and execution of penetration testing activities across assigned projects or workstreams. 
  • Define penetration testing approach, test strategy, testing scope, priorities, timelines, and required evidence based on project and client requirements. 
  • Guide and mentor penetration testers or security engineers in testing methodology, vulnerability validation, reporting quality, and remediation discussions. 
  • Review vulnerability findings, risk ratings, evidence, and remediation recommendations to ensure accuracy, consistency, and practical value. 
  • Act as the main technical point of contact for penetration testing activities, working with client stakeholders, security teams, development teams, DevOps, infrastructure teams, and compliance teams. 
  • Facilitate vulnerability walkthroughs, risk clarification sessions, remediation discussions, and retesting alignment with relevant stakeholders. 
  • Support estimation, planning, status tracking, issue escalation, and delivery reporting for security testing activities. 
  • Contribute to improving security testing processes, reporting templates, testing checklists, knowledge sharing, and reusable testing practices. 
  • Support regulatory, audit, and compliance requirements by providing security testing evidence, reports, remediation status, and technical clarification when needed. 

Yêu cầu công việc

Required Skills 

  • Strong hands-on experience in penetration testing, vulnerability assessment, ethical hacking, and security testing across application, API, mobile, network, and cloud environments. 
  • Proven experience leading or coordinating penetration testing activities, including test planning, execution tracking, finding review, stakeholder communication, and retesting coordination. 
  • Strong knowledge of web and API security vulnerabilities, including OWASP Top 10, API authentication, authorization, token handling, insecure direct object references, injection, broken access control, and business logic flaws. 
  • Experience testing iOS and Android applications, including mobile application security controls, local storage, certificate pinning, authentication, session handling, and secure communication. 
  • Experience in assessing network services, servers, operating systems, misconfigurations, access controls, and common infrastructure vulnerabilities. 
  • Familiarity with cloud security concepts and security testing considerations for AWS, Azure, or GCP environments. 
  • Hands-on experience with tools such as Burp Suite, OWASP ZAP, Nmap, Nessus, Metasploit, Wireshark, Postman, MobSF, or equivalent security testing tools. 
  • Ability to independently validate vulnerabilities, assess exploitability, determine business impact, and provide clear remediation recommendations. 
  • Ability to write and review clear security reports, including vulnerability details, risk ratings, technical evidence, business impact, and remediation guidance. 
  • Ability to explain technical findings to both technical and non-technical stakeholders in a clear, structured, and practical manner. 
  • Ability to work with engineering teams to clarify root causes, support fix implementation, and perform retesting. 
  • Good understanding of secure coding principles, data privacy, encryption, identity and access management, and common security frameworks. 
  • Understanding of security requirements in regulated, audit, or compliance-driven environments. 
  • Strong problem-solving skills, ownership mindset, attention to detail, and ability to manage multiple testing activities in parallel. 
  • Excellent English communication skills are required, with the ability to communicate fluently and confidently with client stakeholders, security teams, business users, and technical teams. 

Nice-to-have Requirements 

  • Prior experience working on penetration testing or security assessment projects for banks, fintechs, payment platforms, card systems, or financial institutions. 
  • Good understanding of banking systems, digital banking, payments, cards, customer onboarding, AML/KYC, fraud management, account services, and transaction flows. 
  • Familiarity with banking security practices and financial industry security requirements. 
  • Familiarity with PCI DSS, ISO 27001, SOC 2, SWIFT Customer Security Controls Framework, local banking regulations, or other financial industry security requirements. 
  • Experience conducting secure code review or working with SAST tools to identify security issues in application code. 
  • Experience integrating security testing into CI/CD pipelines and working with tools such as SAST, DAST, SCA, container scanning, or secrets detection. 
  • Familiarity with cloud misconfiguration assessment, container security, Kubernetes security, Docker security, and infrastructure-as-code security checks. 
  • Experience with controlled red team exercises, attack simulation, phishing simulation, or adversary emulation in authorized environments. 
  • Ability to use Python, Bash, PowerShell, or similar scripting languages to automate testing, validation, or reporting tasks. 
  • Experience building security testing methodology, playbooks, checklists, report templates, or quality review practices. 
  • Experience mentoring junior or mid-level penetration testers and supporting capability development within a security testing team. 
  • Relevant certifications such as CEH, eJPT, PNPT, OSCP, GWAPT, GPEN, CISSP, CISM, or equivalent are preferred. 

Tại sao bạn sẽ yêu thích làm việc tại đây

  • True Euro-Tech Culture: Experience a flat, open, and collaborative environment built on German standards of respect, transparency, and work-life balance.
  • Continuous Growth & Learning: Accelerate your career with official technical certifications, global mobility opportunities, and structured training programs tailored to your career path.
  • Premium Benefits Package: Enjoy a highly competitive salary, premium private healthcare insurance, performance-based bonuses, and a modern hybrid working model that keeps you flexible and creative.

ITviec Recruitment Consulting

Mô hình công ty
Dịch vụ và Tư vấn giải pháp
Lĩnh vực công ty
Cung Ứng và Tuyển Dụng
Quy mô công ty
1-50 nhân viên
Quốc gia
Japan
Thời gian làm việc
Thứ 2 - Thứ 6
Làm việc ngoài giờ
Không có OT

Việc làm tương tự dành cho bạn

Nhận các việc làm tương tự qua email Nhận thông báo