Job Title: Security Specialist – Penetration Tester
Location: Warsaw, Poland (Hybrid – 2 days per week onsite)
Assignment Duration: 11 May 2025 – 10 August 2025 (with potential for extension)
Assignment Type: Contractor
Work Schedule: 5 days per week / 8 hours per day
Client: Leading Global Green Energy Major – Wind Sector
Role Summary
We are currently seeking an experienced Penetration Tester to support the cybersecurity initiatives of a major global player in the green energy sector. Based in Warsaw, this role involves hands-on penetration testing, security analysis, and collaboration with cross-functional teams to enhance application and cloud security.
Scope of Work
- Conduct internal penetration testing of web applications and APIs
- Perform cloud penetration testing across AWS, Azure, and/or GCP environments
- Review and assess firewall rules and network segmentation for misconfigurations and risk
- Provide comprehensive technical reports, including risk ratings and remediation guidance
- Support ad-hoc testing requirements from infrastructure and product teams
- Participate in scoping meetings, kickoff sessions, and post-assessment debriefs with stakeholders
- Ensure testing activities align with internal security standards and regulatory compliance
Work Location Requirements
- The consultant must be based in Warsaw, Poland
- A minimum of two days per week onsite attendance at the client’s office is mandatory
- Fully remote work is not permitted unless explicitly approved by the client
- Working remotely from outside Poland is not allowed without prior written authorisation and may result in immediate termination of the work order
Required Skills and Experience
- Strong hands-on experience in web application and API penetration testing, with knowledge of vulnerabilities such as OWASP Top 10, SSRF, and authentication bypass
- Cloud security assessment experience across AWS, Azure, and/or GCP platforms
- Ability to evaluate firewall rules and network architecture from a security perspective
- Proficiency with penetration testing tools such as Burp Suite Pro, Nmap, Nessus, Amass, and cloud-native tools like ScoutSuite and Prowler
- Excellent technical reporting skills, with the ability to produce clear, actionable findings for both technical and business audiences
- OSCP certification required; additional certifications such as OSWE, CCSK, or AWS Security Specialty are advantageous
- Strong communication skills and ability to work effectively with development, infrastructure, and security teams
Candidate Assessment Requirement
Applicants must complete the following challenge. Please include your answer in the Attachments section of your profile submission: