The Penetration Tester / Application Security (AppSec) specialist at Sphynx is responsible for identifying and addressing security vulnerabilities within applications and systems, as well as performing penetration tests for our clients. This role involves performing penetration tests and security assessments, and providing actionable recommendations to enhance the overall security posture.
Responsibilities
- Conduct penetration testing on web, mobile, and network applications to identify security risks.
- Perform static and dynamic application security testing and code reviews.
- Identify and report security vulnerabilities, providing detailed risk analysis and remediation guidance.
- Collaborate with development teams to integrate secure coding practices and improve the security lifecycle.
- Develop and maintain security testing tools and documentation.
- Stay current with emerging security threats, vulnerabilities, and mitigation techniques.
- Assist in designing and implementing application security policies and standards.
Requirements
- Bachelor's degree in Computer Science, Cybersecurity, or related field.
- At least 2 years of professional experience in penetration testing and application security assessments.
- Strong knowledge of web application security, OWASP Top 10, and common vulnerabilities.
- Experience with penetration testing tools such as Burp Suite, Metasploit, Nessus, or similar.
- Proficiency in scripting and programming languages (e.g., Python, JavaScript).
- Understanding of secure software development lifecycle (SDLC).
- Excellent analytical, problem-solving, and communication skills.
- Relevant certifications such as OSCP, CEH, or GIAC (GWAPT) are highly desirable.
Benefits
- Competitive remuneration package adjusted to proven skills and experience;
- Excellent working conditions;
- Exposure to training and professional development capabilities, including the ability to engage in cutting-edge research;
- Exposure to international clients and collaborators.
Skills Required
- Bachelor's or Master's degree in Computer Science, Information Security, or related field
- 3+ years of experience as a Penetration Tester or in a similar ethical hacking role
- Strong knowledge of network protocols, operating systems, and security controls
- Hands-on experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, Wireshark
- Familiarity with scripting and programming languages (e.g., Python, Bash, PowerShell)
- Understanding of common vulnerabilities and exposures (e.g., OWASP Top 10)
- Excellent analytical, problem-solving, and communication skills
- Relevant certifications such as OSCP, CEH, or GPEN
- Knowledge of cloud security and emerging technologies
What We Do
SPHYNX offers products, solutions, and consulting services in the areas of cyber intelligence, analytics, incident response, assurance, and certification. We provide customised and continuous security and privacy assessment solutions, covering the full range of socio-technical aspects of a modern enterprise, for internal risk management and/or external security audit and certification. Our solutions are based on our novel security assurance and certification platform and its advanced analytics and cyber intelligence. In addition, through its consulting services, SPHYNX has expertise in providing customised solutions depending on client needs, as well as more general training on analytics, security assessment and certification, and cyber intelligence.








