Pentester

Join us and hack for Good – Protect What Matters!

Warsaw-based opportunity to work in hybrid model

As a Pentester, you will be working for our client, a leading global financial institution known for delivering a wide range of innovative financial services across capital markets, risk management, and digital platforms. In this role, you will be part of an elite internal penetration testing team assessing critical systems, applications, and cloud infrastructures. The client is focused on secure software development, operational resilience, and proactive risk mitigation.
You will test high-value systems, access source code, and work directly with engineers to implement secure solutions across global environments.

Your main responsibilities: Perform penetration tests on internal web applications, cloud environments, and infrastructure

• Identify and report vulnerabilities with clear technical and business impact
• Analyse source code, configurations, and systems to support deep security assessments
• Develop proof-of-concept exploits or demonstrate real-world attack vectors
• Collaborate with engineers to recommend fixes and propose systemic improvements
• Document findings in structured reports for technical and non-technical audiences
• Participate in red team exercises and threat simulation scenarios
• Review server, network, and cloud configurations for weaknesses
• Share knowledge and techniques with peers in the internal security community
• Contribute to the continuous evolution of internal testing tools and frameworks

You’re ideal for this role if you have:

• Proven experience in penetration testing across web applications, cloud, and infrastructure
• Strong understanding of web security principles and ability to build exploit chains
• Proficiency in analysing systems via source code review and reverse engineering
• Familiarity with tools such as Burp Suite, Wireshark, netcat, and Ghidra
• Knowledge of one or more programming languages like Java, Python, JavaScript, or C++
• Solid understanding of the TCP/IP stack and common network protocols
• High-level knowledge of cryptographic concepts and their implementation risks
• Experience developing or customizing proof-of-concept exploits
• Awareness of security concerns in cloud-native architectures

It is a strong plus if you have:

• Experience in adopting or crafting custom proof of concept exploits
• Knowledge of common cloud products and solutions
• Bachelor of Science in Computer Science, Cyber-Security, or Information Security is preferred
• Experience or trainings in related disciplines such as computer security, network security, network device management, IT administration, cloud security, or infrastructure pentesting is preferred
• Certificates (or equivalent knowledge) such as OSCP, OSEP, OSWP

#GETREADY  to meet with us!

We would like to meet you. If you are interested please apply and attach your CV in English or Polish, including a statement that you agree to our processing and storing of your personal data. You can always also apply by sending us an email at recruitment@itds.pl.

Internal number #7217