(Contractor) Senior Penetration Tester – QA Automation & Security

About The Position

Requirements

• Deep expertise in test automation framework design and implementation for enterprise web platforms, including front-end and API automation.
• Proven ability to plan and execute penetration testing engagements in regulated financial services environments.
• Hands-on experience establishing automated testing standards for distributed delivery teams from the ground up.
• Working knowledge of BaFin, GDPR, and ISO 27001 control requirements and how they apply to test evidence collection.
• Ability to define and enforce quality gates at the sprint and release level across multiple parallel teams.
• Strong consultative and collaborative approach to working across development pods, security stakeholders, and architecture leads.
• Security test automation skills including vulnerability scan scripting and automated compliance evidence packaging.
• Desire to own quality outcomes end-to-end, from framework setup through go-live regression cycles.
• Hunger for continuous learning in an evolving regulatory and security landscape.
• Good interpersonal, written, and verbal communication skills to coordinate across cross-functional teams.
• Experience in AI or a proven track record of rapidly learning and mentoring others on emerging tech.

Nice To Haves

• Experience with Playwright, Cypress, or equivalent tooling.

Responsibilities

• Lead penetration testing planning and execution in a regulated financial services environment, coordinating closely with the Solutions Architect to align on scope, timing, and remediation priorities.
• Design and own the automated testing strategy for a large-scale enterprise financial platform, establishing the full test automation framework — tooling, architecture, and standards — from the ground up in the first month of engagement.
• Define and enforce quality gates at the sprint and release level across distributed delivery teams, ensuring consistent standards are applied across all workflows through go-live.
• Build and maintain front-end and API automation test suites using modern frameworks such as Playwright, Cypress, or equivalent tooling.
• Develop security test automation, including vulnerability scan scripting and automated compliance evidence collection structured for regulatory review.
• Ensure test execution outputs are audit-ready, packaging evidence in alignment with BaFin, GDPR, and ISO 27001 control requirements.
• Lead UAT and regression test cycles ahead of go-live milestones, managing coverage across all platform workflows.
• Collaborate cross-functionally with development pods and stakeholders to continuously raise the quality baseline and close gaps before they reach production.

Benefits

• Equal employment opportunity without regard to age, color, disability, gender, gender identity, genetic information, marital status, military status, national origin, race, religion, sexual orientation, veteran status, or any other legally protected characteristic.
• Inclusive workplace.
• Reasonable accommodations to participate in the job application or interview process.