Penetration Tester (Cybersecurity)

TL;DR

Penetration Tester (Cybersecurity): Performing thorough penetration tests of web, mobile, and API applications with an accent on source code review, reverse engineering, and vulnerability chaining. Focus on proving impact through whitebox testing, developing detailed remediation reports, and analyzing AI/LLM weaknesses.

Location: Remote (Australia). Initial onboarding may require after-hours work to align with Eastern Time Zone (Canada/US).

Company

hirify.global is a security firm dedicated to providing expert-level penetration testing services that avoid the pitfalls of simple vulnerability assessments to ensure true digital security.

What you will do

• Perform penetration testing of web applications, mobile applications, thick clients, and APIs.
• Conduct source code review and whitebox testing to prove the impact of application flaws.
• Reverse engineer mobile and thick client applications.
• Chain application flaws to other areas, such as cloud and on-prem AD infrastructure.
• Develop detailed technical and executive reports on findings and remediations.
• Perform SAST and DAST on enterprise, SaaS, and custom in-house applications.

Requirements

• Must be based in Australia.
• OSCP or Burp Suite certification is mandatory.
• 3-5 years of experience in penetration testing and consulting (preferred).
• Solid working knowledge of C, C#, Python, Objective-C, Java, JavaScript, and SQL.
• Extensive experience using attack proxies, specifically Burp Suite.
• Post-secondary college or university degree.

Nice to have

• Professional qualifications such as OSWE or BSCP.
• Understanding of AI/LLM weaknesses and flaws in applications.
• Experience with AngularJS and various web service formats (XML, JSON, SOAP, REST, AJAX).

Culture & Benefits

• Immediate and continual offensive security training.
• Passionate, high-standard team environment.
• Competitive compensation and professional growth opportunities.
• Flexible scheduling options to support time zone transitions.