Internal Cybersecurity Penetration Tester

Job Description

We are looking for a Cybersecurity Internal Penetration Tester to support our Information Security & BCM department. The successful candidate will be responsible for conducting internal penetration tests on our infrastructure, applications, and controls.

Tasks

The main tasks include:

• Planning, scope, and execution of internal penetration tests on core banking platforms and business applications
• Development of test scenarios that take into account realistic threat models for the banking sector (fraud, data exfiltration, privilege escalation, lateral movement to critical systems, etc.)
• Conducting hands-on tests on internal networks, servers, endpoints, web applications, APIs, cloud workstations, Active Directory, and other core infrastructure systems
• Documentation of results in clear, risk-based reports that include evidence and actionable recommendations for both technical and non-technical audiences
• Collaborate with infrastructure, development, DevOps, and risk teams to support remediation plans and retesting, and ensure that critical findings are tracked as part of CIRT and governance processes
• Development and maintenance of internal testing methods, playbooks, and tools to support responsive and effective evaluations
• Collaborate with the SOC or the Computer Security Incident Response Team to improve threat detection and response
• Stay up to date on new threats, vulnerabilities, TTPs, etc., and incorporate them into internal testing

Requirements

The requirements for this position include:

• Background in cybersecurity, computer science, or a related field
• 3–5 years of hands-on experience in penetration testing or red teaming, with a proven track record of working on internal networks, web applications, and APIs; hands-on experience in offensive security activities is a strong plus
• Strong understanding of network protocols, operating systems (Windows, Linux), web and cloud technologies; familiarity with core banking architectures is a plus
• Knowledge of common offensive tools and techniques (e.g., Burp Suite, Metasploit, Cobalt Strike-like frameworks, Kali-based tools) and the ability to perform manual testing beyond the scope of these tools
• A solid understanding of secure coding practices and common application vulnerabilities (e.g., OWASP Top 10) to assess web and API targets
• Professional certifications such as OSCP, GPEN, or similar offensive security certifications in good standing
• Strong communication skills and the ability to explain complex technical findings to both technical and non-technical audiences

We offer

We offer a challenging and dynamic work environment and strive to be an employer of choice. Our values include:

• Responsibility: Taking responsibility for tasks and challenges, and continuous improvement
• Hands-on: Proactive and rapid delivery of high-quality results
• Passion: Commitment and pursuit of excellence
<