Penetration Tester Expert

About The Position

Requirements

• At least three years of experience in penetration testing, with a strong emphasis on web application security and external testing.
• Hands on experience performing source code reviews as part of penetration testing or application security assessments.
• Previous experience working in a consulting or professional services environment.
• Strong understanding of penetration testing methodologies and hands on experience with tools such as Burp Suite, Swagger, and Postman.
• Deep technical knowledge across a broad range of technologies, with the ability to learn new systems quickly, including: Databases such as MSSQL, MySQL, Oracle Database, and PostgreSQL
• Networking protocols including TCP/IP, DNS, HTTP, FTP, AND SMTP
• Web servers such as Apache Nginx, Microsoft IIS, and Tomcat
• Operating systems including Windows and Linux
• Cloud platforms including AWS, Azure, and GCP
• Strong knowledge of OWASP Top 10 vulnerabilities and defensive techniques.

Nice To Haves

• Proficiency in development languages such as C#, PHP, Java, Node.js, and Python.
• Industry certifications such as OSWE or eWPTXv2.
• Publicly demonstrated security research, including CVEs, bug bounties, or published findings.
• Experience testing complex, high traffic, or business critical web applications.

Responsibilities

• Design and execute external penetration testing engagements against client environments, identifying exploitable weaknesses from an attacker’s perspective.
• Perform web application penetration testing, including authentication, authorization, business logic, and data handling assessments.
• Conduct source code reviews to identify security flaws, insecure patterns, and logic vulnerabilities.
• Use black box, gray box, and white box testing approaches based on engagement scope and client needs.
• Clearly communicate findings to clients, including attack paths, risk impact, and practical remediation guidance.
• Collaborate with internal teams to share insights, techniques, and lessons learned from real world attacks.

Benefits

• At Sygnia, you will work alongside some of the most experienced cyber security professionals in the industry, tackling complex and high impact security challenges for leading organizations around the world. You will gain hands on exposure to real adversary techniques, meaningful client interaction, and the opportunity to continuously deepen your expertise in application security and offensive testing.
• As a fully remote team, we value autonomy, trust, and collaboration, giving you the flexibility to do your best work while contributing to high stakes engagements that matter.