Senior Penetration Engineer

We are looking for a new colleague, Senior Penetration Engineer, who would like to make our products and services more secure by “attacking” them.

In this role, you will primarily focus on penetration testing of mobile applications, web applications, cloud services, APIs, networks, and systems. What makes this opportunity different is the chance to also work on security testing of embedded systems and connected devices. This will not be the majority of your work, but it will be an important and technically attractive part of the role - roughly around one quarter of the overall scope, depending on current projects and your experience.

You may therefore find yourself testing not only applications and backend services, but also the way devices communicate with mobile apps, cloud platforms, update mechanisms, firmware, network interfaces, and other components of a real product ecosystem.

On that journey, you may face many challenges but also experience the satisfaction of finding and helping fix meaningful security issues. The landscape is constantly changing, so you will be encouraged to go through training, attend conferences, participate in our Hacking Fridays and CTFs, and continuously learn new things. Though there might be many challenges on your way, remember you are never alone.

JOB DUTIES:

• Advanced Penetration Testing: Perform in-depth penetration tests on mobile applications, web applications, APIs, cloud services, networks, and systems to uncover security weaknesses.
• Embedded and Connected Device Security: Contribute to security testing of embedded systems and connected devices, including areas such as firmware, device communication, update mechanisms, exposed interfaces, and device-to-cloud interaction.
• Project Ownership: Take ownership of more complex security projects, ensuring timely and high-quality deliverables.
• Tool Proficiency: Utilize advanced tools and methodologies for penetration testing, vulnerability assessment, mobile application testing, cloud security testing, and, where relevant, embedded system analysis.
• Reporting: Document findings and provide detailed reports with clear technical impact, reproducible evidence, and actionable recommendations.
• Collaboration: Work with team members and other departments to achieve common objectives and ensure the success of cross-functional projects.
• Compliance: Ensure all testing activities adhere to company policies and industry standards.
• Self-Development: Dedicate time during your working week to build your skills and prepare for relevant industry certifications, fully funded by ADI.

YOU MUST HAVE:

• Hands-on experience in cyber security, with a strong focus on penetration testing and vulnerability assessment.
• Practical knowledge of penetration testing tools and techniques for at least some of the following areas: web applications, APIs, mobile applications, cloud services, networks, or systems.
• The ability to analyze complex security problems, understand their real-world impact, and propose effective, practical solutions.
• A strong desire for continuous self-development, with the willingness to learn, adapt to new tools and technologies, and invest time in studying for relevant qualifications.
• Interest in expanding your security testing experience into embedded systems, connected devices, or product security.
• Business-level English is required.

WE VALUE:

• One or more advanced certifications such as OSCP, OSEP, OSWE, GWAPT, GMOB, or similar.
• Experience with mobile application security testing, cloud security testing, or API security testing.
•  
• Experience or interest in embedded systems, IoT security, firmware analysis, Linux-based devices, network protocols, serial communication, hardware-facing debug interfaces, or device-to-cloud security.
• The ability to collaborate effectively with team members and cross-functional stakeholders to achieve shared goals.
• Fluency in Czech.

WHAT'S IN IT FOR YOU:

• Stable multinational company
• 5 weeks of holidays
• Possibility of working from home 2x per week.
• Private parking, good public transport links
• Pluxee leisure allowance of CZK 4,500/year
• Multisport card
• Meal allowance of CZK 80/day
• Contribution to life/pension insurance/DIP
• Discounted mobile phone tariff for family members
• Language courses
• Company events (Christmas party, team building)

#LI-SR1

#LI-HYBRID

Resideo Technologies has announced its intention to spin off ADI Global Distribution and establish it as a separate, publicly traded company. Under this plan, ADI will continue its role as a leading global wholesale distributor serving commercial and residential markets, while Resideo will retain its manufacturing and product-solutions business. Upon separation, both companies will operate independently to better serve their respective markets and customers. The spin-off is currently targeted for completion in the second half of 2026, subject to customary conditions.

Resideo is a $6.76 billion global manufacturer, developer, and distributor of technology-driven sensing and control solutions that help homeowners and businesses stay connected and in control of their comfort, security, energy use, and smart living. We focus on the professional channel, serving over 100,000 contractors, installers, dealers, and integrators across the HVAC, security, fire, electrical, and home comfort markets. Our products are found in more than 150 million residential and commercial spaces worldwide, with tens of millions of new devices sold annually. Trusted brands like Honeywell Home, First Alert, and Resideo power connected living for over 12.8 million customers through our Products & Solutions segment. Our ADI | Snap One segment spans 200+ stocking locations in 17 countries, offering a catalog of over 500,000 products from more than 1,000 manufacturers. With a global team of more than 14,000 employees, we offer the opportunity to make a real impact in a fast-growing, purpose-driven industry. Learn more at www.resideo.com.

At Resideo, we bring together diverse individuals to build the future of homes. Resideo is an equal opportunity employer. Qualified applicants will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, religion, or veteran status. For more information on applicable U.S. equal employment regulations, refer to the "EEO is the Law" poster, "EEO is the Law" Supplement Poster and the Pay Transparency Nondiscrimination Provision. Resideo complies with applicable equal employment laws in all countries where we do business. For more information on how we process your information in the job application process, please refer to Recruitment Privacy Notice. If you require a reasonable accommodation to apply for a job, please use Contact Us form for assistance.