Penetration Tester
Andersen · 3 000–5 000 RUB · Puerto Rico, Palestine, State of, Portugal, Palau, Paraguay, Qatar, Åland Islands, Andorra, The United Arab Emirates, Afghanistan, Antigua and Barbuda, Anguilla, Albania, Armenia, Angola, Antarctica, Argentina, American Samoa, Réunion, Austria, Australia, Aruba, Azerbaijan, Romania, Bosnia and Herzegovina, Barbados, Serbia, Belgium, Burkina Faso, Rwanda, Bulgaria, Bahrain, Burundi, Benin, Saint Barthélemy, Bermuda, Brunei Darussalam, Plurinational State of Bolivia, Saudi Arabia, Solomon Islands, Bonaire, Sint Eustatius and Saba, Seychelles, Brazil, The Sudan, The Bahamas, Bhutan, Sweden, Singapore, Bouvet Island, Saint Helena, Ascension and Tristan Da Cunha, Botswana, Slovenia, Svalbard and Jan Mayen, Belarus, Belize, Slovakia, Sierra Leone, San Marino, Senegal, Somalia, Canada, Suriname, South Sudan, The Cocos (Keeling) Islands, Sao Tome and Principe, The Democratic Republic of the Congo, El Salvador, The Central African Republic, The Congo, Sint Maarten (Dutch Part), Switzerland, The Syrian Arab Republic, Côte D'ivoire, Eswatini, The Cook Islands, Chile, Cameroon, Colombia, The Turks and Caicos Islands, Costa Rica, Chad, The French Southern Territories, Cuba, Togo, Cabo Verde, Curacao, Christmas Island, Tajikistan, Cyprus, Tokelau, Czech Republic, Timor-Leste, Turkmenistan, Tunisia, Tonga, Turkey, Trinidad and Tobago, Germany, Tuvalu, Tanzania, the United Republic of, Djibouti, Denmark, Dominica, The Dominican Republic, Ukraine, Uganda, Algeria, The United States Minor Outlying Islands, Ecuador, USA, Estonia, Egypt, Western Sahara, Uruguay, Uzbekistan, The Holy See, Eritrea, Saint Vincent and the Grenadines, Spain, Ethiopia, Bolivarian Republic of Venezuela, British Virgin Islands, U.S. Virgin Islands, Vanuatu, Finland, Fiji, The Falkland Islands (Malvinas), Federated States of Micronesia, The Faroe Islands, France, Wallis and Futuna, Gabon, The United Kingdom of Great Britain and Northern Ireland, Samoa, Grenada, Georgia, French Guiana, Guernsey, Ghana, Gibraltar, Greenland, The Gambia, Guinea, Guadeloupe, Equatorial Guinea, Greece, South Georgia and the South Sandwich Islands, Guatemala, Guam, Guinea-Bissau, Guyana, Kosovo, Hong Kong, Heard Island and Mcdonald Islands, Honduras, Croatia, Yemen, Haiti, Hungary, Mayotte, Ireland, Israel, Isle of Man, India, The British Indian Ocean Territory, South Africa, Iceland, Italy, Zambia, Jersey, Zimbabwe, Jamaica, Jordan, Japan, Kenya, Kyrgyzstan, Cambodia, Kiribati, The Comoros, Saint Kitts and Nevis, Korea Republic, Kuwait, The Cayman Islands, Kazakhstan, The Lao People's Democratic Republic, Lebanon, Saint Lucia, Liechtenstein, Liberia, Lesotho, Lithuania, Luxembourg, Latvia, Libya, Morocco, Monaco, The Republic of Moldova, Montenegro, French Part Saint Martin, Madagascar, The Marshall Islands, North Macedonia, Mali, Myanmar, Mongolia, Macao, The Northern Mariana Islands, Martinique, Mauritania, Montserrat, Malta, Mauritius, Maldives, Malawi, Mexico, Malaysia, Mozambique, Namibia, New Caledonia, The Niger, Norfolk Island, Nigeria, Nicaragua, The Netherlands, Norway, Nepal, Nauru, Niue, New Zealand, Oman, Panama, Peru, French Polynesia, Papua New Guinea, Poland, Saint Pierre and Miquelon, Pitcairn · сайт компании · опубликовано 1 июня 2026 г.
Описание вакансии
Andersen is hiring a Penetration Tester to strengthen application and infrastructure security across international digital projects.
Andersen is a pre-IPO software development company providing a full cycle of services. For over 19 years, we have been helping enterprises and middle-sized firms worldwide transform their businesses by creating effective digital solutions using innovative technologies.
Today, we are working with organizations from various parts of the world, including North America, Western Europe, Israel, Australia, and the UAE. Our expertise covers FinTech, Healthcare, Retail, Telecom, Media & Entertainment, Logistics, Travel & Hospitality, eCommerce, and other industries.
Responsibilities
Conducting and facilitating customer workshops.
Communicating with leads and stakeholders during pre-sales calls.
Gathering and analyzing business and technical requirements.
Preparing scope estimations for commercial proposals, including ballpark and detailed estimations.
Performing penetration tests of web servers, web applications, and internal infrastructure.
Managing the application security program, including the implementation of SSDLC for a highly dynamic and extensive engineering team.
Managing internal bug bounty program, validating and triaging findings, following up on remediation guidelines.
Reviewing the IaC codebases for security misconfigurations and weaknesses, as well as securing GitOps CI/CD pipelines.
Integrating and tuning SAST/DAST tools (CodeQL, SonarQube, Burp Enterprise) to optimize build performance and vulnerability detection.
Securing cloud-native infrastructure (Azure, AWS) and Kubernetes clusters through custom policies and runtime protection.
Implementing security best practices for Linux and Windows servers as part of the hardening process.
Administering networking hardware and firewalls (Cisco ASA, pfSense) with security best practices in mind.
Supporting the development and implementation of information security policies across an extensive, nation-spanning digital infrastructure.
Assisting in the implementation of security solutions such as NGFW, EDR, IDS/IPS.
Shadowing penetration tests conducted by senior testers.
Performing tasks, such as information gathering, vulnerability analysis, and report writing.
Performing security audits on network devices to assure conformity to security best practices.
Requirements
Strong hands-on experience in Application Security / Penetration Testing for 2+ years.
Deep expertise in web application penetration testing and vulnerability assessment.
Experience securing cloud-native environments (AWS and/or Azure).
Practical knowledge of SSDLC implementation and secure development practices.
Experience reviewing and securing CI/CD and GitOps pipelines.
Strong understanding of IaC security (Terraform, Ansible, infrastructure code reviews).
Experience with Kubernetes/container security.
Hands-on experience with security tooling such as Burp Suite, Metasploit, Trivy, Falco, SAST/DAST tools.
Strong networking and infrastructure security knowledge (TCP/IP, firewalls, routing, switching).
Experience performing infrastructure/network penetration testing.
Strong Linux and Windows security hardening knowledge.
Scripting skills (Python, Bash, PowerShell).
Experience writing technical security reports and communicating findings to engineering/business stakeholders.
Experience working directly with developers to remediate vulnerabilities.
Understanding of security standards/compliance frameworks (SOC2, ISO27001, etc.).
Ability to work independently in a self-managed environment.
Level of English – Upper-Intermediate and above.
Nice to have
OSCP certification.
Experience with bug bounty programs.
Experience with threat modeling exercises.
Knowledge of Active Directory security and common exploitation techniques.
Experience with VMware/vSphere or virtualization technologies.
Experience building or improving security logging/monitoring infrastructure.
Experience defining or implementing enterprise security policies.
Experience with blue team / defensive security activities.
Exposure to large-scale enterprise environments.
Experience working in product companies rather than only outsourcing/consulting.
Experience securing high-load or data-intensive applications.
Familiarity with DevSecOps practices and security automation.
Previous mentoring or technical leadership experience.
Experience coordinating with cross-functional stakeholders and engineering teams.
Why join us
Experience in teamwork with leaders in FinTech, Healthcare, Retail, Telecom, and others. Andersen cooperates with such businesses as Samsung, Siemens, Johnson & Johnson, BNP Paribas, Ryanair, Mercedes, TUI, Verivox, Allianz, T-Systems, etc..
The opportunity to change the project and/or develop expertise in an interesting business domain.
Job conditions – you can work both fully remotely and from the office or can choose a hybrid variant.
Guarantee of professional, financial, and career growth! The company has introduced systems of mentoring and adaptation for each new employee.
The opportunity to earn up to an additional 1,000 USD per month, depending on the level of expertise, which will be included in the annual bonus, by participating in the company's activities.
Access to the corporate training portal, where the entire knowledge base of the company is collected and which is constantly updated.
Bright corporate life (parties / pizza days / PlayStation / fruits / coffee / snacks / movies).
Certification compensation (AWS, PMP, etc).
Referral program.
English courses.
Private health insurance and compensation for sports activities.
Join us!