Application Security Specialist/Web-pentester

Position details

Seniority: Middle +

Work format: Office

Location: Cyprus, Serbia

Conduct penetration testing of web applications (white/grey/black box testing depending on the situation and requirements)
Prepare recommendations and guidance for remediating identified vulnerabilities
Collaborate with development teams to fix issues and implement security best practices
Mentor and support colleagues
Participate in the development of DevSecOps tooling

4+ years of experience in web application security (including experience with the technology stack used in the project)
Strong proficiency with web application security testing and analysis tools (particularly Burp Suite) for both manual and automated testing
Experience collaborating effectively with development teams: ability to clearly communicate risks, discuss vulnerabilities, and provide practical remediation recommendations
Strong communication skills, enabling constructive dialogue and effective alignment on security-related matters
Professional certifications (OSCP, OSWE, Burp Suite Certified Practitioner)
Participation in well-known CTF competitions, either as part of a team or individually
Ranking on Hack The Box (HTB) or similar platforms
Successfully submitted vulnerabilities in bug bounty programs

Work schedule: 5/2 with a flexible start time between 8:00 AM and 10:00 AM
Salary discussed following the interview
Annual performance-based bonus
Official employment under the Labor Law of Cyprus or Serbia (office-based format)
Paid vacation, sick leave, and 4 additional days offFree breakfast and lunch provided at the office
50% corporate discount on English lessons via the SkyEng platform
Corporate events for employees and their family members
Company-sponsored relocation available
Additional terms discussed individually depending on the candidate’s location