Penetration Tester

Zagreb  |  Varaždin  |  Podgorica  |  Skopje  |  Remote

WHO WE ARE LOOKING FOR

We are looking for a detail-oriented penetration tester to ensure that the systems and applications we secure are resilient, well-protected, and as free of exploitable weaknesses as we can make them.

Infinum’s Cybersecurity team plays a critical role in ensuring the security of our clients’ products, safeguarding them against potential threats and vulnerabilities. The team collaborates closely with developers and system architects to make security an integral part of our software development lifecycle.

We have the opportunity to work on a variety of projects for global clients across industries like finance, hospitality, healthcare, and automotive. Equipped with current tools and methodologies, we test the security of web & mobile applications, infrastructure, networks, IoT ecosystems, and other innovative solutions. In addition to a sharp eye for vulnerabilities and a proactive mindset, our penetration testers use tools such as Burp Suite Professional, Nuclei, OWASP ZAP, Nmap, Amass, and others to find and verify weaknesses before an attacker does.


01

Qualifications & Experience

  • at least 3 years of experience in web & mobile penetration testing and application security
  • a deep understanding of OWASP standards and guidelines such as the WSTG, ASVS, MASTG, MASVS, and SAMM
  • strong communication and interpersonal skills for collaborating with both technical and non-technical stakeholders
  • experience with writing penetration testing reports in a clear, concise, and understandable way
  • a keen eye for identifying hidden weaknesses that others might overlook, as the smallest vulnerabilities can lead to major breaches
  • a strong understanding of the offensive security landscape
  • affinity for keeping up with general cybersecurity best practices and news
  • comfortable taking ownership of various aspects of a project and being in charge of ensuring everything is delivered on time
  • excellent knowledge of written and spoken English

Bonus points

  • hands-on experience with penetration testing tools and frameworks (e.g., Burp Suite, Metasploit, Nmap)
  • certifications focused on offensive security, e.g., PenTest+, eWPT, eMAPT, OSCP, OSWE, GWAPT, or similar
  • familiarity with application security principles and network protocols
  • familiarity with cloud security and related attack vectors
  • experience in programming or scripting (Python, Bash, etc.) to automate tasks
  • familiarity with compliance standards (e.g., ISO 27001, SOC2, PCI-DSS) and their security implications

02

Your responsibilities

  • conduct penetration testing on web & mobile applications to identify security vulnerabilities
  • provide detailed reports of your findings, including risk assessments and remediation recommendations
  • collaborate with clients’ teams to help them understand and fix vulnerabilities
  • develop and maintain test scripts and custom exploits for use in penetration tests
  • stay up to date with the latest attack techniques and tools in order to improve the testing processes and methodologies
  • contribute to improving security processes and training team members on security best practices

Tools we use

Amass

Amass is our asset discovery tool for mapping out attack surfaces. It helps us gather subdomains, DNS records, and other valuable reconnaissance data.

Burp Suite Professional

Our go-to tool for web application security testing. From manual testing to automated scans, Burp Suite helps us find vulnerabilities and assess risks efficiently.

Frida

Frida is our go-to tool for dynamic instrumentation. It lets us inject scripts into running applications, enabling us to observe and manipulate app behavior at runtime; we use it heavily for reverse engineering, debugging, and bypassing client-side controls during mobile tests.

Ghidra

Ghidra is essential for reverse engineering software. This open-source suite helps us disassemble and decompile binaries, allowing for in-depth analysis of executable code and uncovering hidden vulnerabilities.

MobSF

We use MobSF for mobile application security assessment. This tool automates static and dynamic analysis, helping us quickly identify security flaws in Android and iOS applications.

Nmap

The network scanner we trust for network discovery and vulnerability assessments. Nmap helps us identify open ports, services, and network misconfigurations.

Nuclei

Our tool of choice for vulnerability scanning with customizable templates. Nuclei lets us automate and scale vulnerability checks across the attack surface we have mapped.

OWASP ZAP

An open-source web application scanner that’s perfect for quick scans and manual security testing. We rely on ZAP for its simplicity and flexibility in different testing environments.

Postman

Postman is indispensable for testing APIs. It helps us craft and automate requests, making sure API endpoints are secure and function as intended.

ReconFTW

A comprehensive reconnaissance tool we use to automate the entire recon process. ReconFTW speeds up data gathering and gives us a detailed overview of our target’s attack surface.

SQLMap

We turn to SQLMap for automating SQL injection testing. It’s a powerful tool that helps us detect and exploit SQL injection vulnerabilities in web applications.

Wireshark

We rely on Wireshark for network traffic analysis. It allows us to capture and inspect data packets in real-time, helping us diagnose network issues and spot potential security threats.

What do we offer?

Feedback and feedforward

Honest communication fuels growth. In our 1-on-1 sessions, 360 reviews, and career progression meetings, we discuss what is great and what could be improved.

Additional equipment budget

A little extra to supplement your standard work equipment. Pick a latest-model mobile phone, tablet, e-book reader, or a pair of earphones you’ve been dreaming about. Mix & match, why not.

Contributing to open source

Sharing is caring doesn’t only apply to chocolate.

Educational budget

If you’re eager to learn, we’re eager to help. Every employee receives an educational budget.

Paid language courses

Paid language courses help our employees master the English language.

Doing a career switch

We don’t have a sorting hat to tell you where you belong, but we will support your career switch from one job position to another.

Traveling on business

Having clients all over the world means our employees sometimes have to travel to and work from beautiful locations.

Subsidized recreation

Stay in shape with a sponsored fitness membership of your choice.

Sponsored health checks

You know the old saying – the greatest wealth is health.

Working remotely

Office location? Anywhere. It’s all about flexibility.

Free power-ups

Snack on fruit, cookies, and nuts to keep your energy levels up.

Car and bike parking

Don’t let it get caught in the rain. We offer free parking for bicycles and subsidized car parking.

Flexible working hours

Tailor your working hours to fit your schedule.

Fun and games budget

Every team gets a monthly budget to hang out and do fun stuff.

Benefits

In addition to professional development opportunities, we provide a selection of benefits that help you thrive and grow.
