Requirements: English
Company: emagine Polska
Region: Warsaw, Masovian Voivodeship
Industry: Renewable energy sources
Work model: Hybrid, 2 days from the office in Warsaw per week
Type of contract: B2B
Start Date: ASAP
Contract length: 4 months with some possibility of extensions
Role overview: The role primarily focuses on enhancing the organisation's security posture by conducting thorough penetration tests on web applications, APIs, and cloud environments. This role is crucial for identifying vulnerabilities and ensuring compliance with internal security policies.
Responsibilities:
- Conduct internal penetration testing of web applications and APIs.
- Perform cloud penetration testing with a focus on AWS, Azure, and GCP environments.
- Review firewall rules and network segmentation for misconfigurations and risks.
- Provide detailed technical reports with risk ratings and remediation recommendations.
- Support ad-hoc testing needs from product and infrastructure teams.
- Participate in scoping, kickoff, and debrief sessions with relevant stakeholders.
- Ensure testing aligns with internal security policies and compliance requirements.
Key Requirements:
- Strong experience in web application and API penetration testing (e.g., OWASP Top 10, SSRF, auth bypass, etc.).
- Hands-on experience with cloud security assessments (AWS/Azure/GCP).
- Ability to assess firewall rules and network architecture from a security perspective.
- Familiarity with tools like Burp Suite Pro, Nmap, Nessus, Amass, and cloud-native tooling (e.g., ScoutSuite, Prowler).
- Solid reporting skills for technical and business audiences.
- OSCP or equivalent certification required.
- Good communication skills and the ability to collaborate closely with development, infrastructure, and security teams.
Nice to Have:
- Certifications such as OSWE, CCSK, or cloud certifications (e.g., AWS Security Specialty).