Role Summary
\n
¿Le interesa este puesto? Puede encontrar toda la información relevante en la descripción a continuación.
\n
At Ackcent Cybersecurity, we share a common goal: protecting our customers' assets from cyber threats through high-quality service and transparent communication.
\n
We are looking for a professional who is not only a skilled pentester but also has a strong programming background. In this role, you will work within our Red Team (RT), specializing in Web Security Audits and SAST (Static Application Security Testing). You will be responsible for identifying vulnerabilities from the outside-in (Pentesting) and the inside-out (Code Analysis), helping our clients build more resilient applications.
\n
Responsibilities
\n
· Web & Infrastructure Pentesting: Perform high-quality security audits, penetration tests, and vulnerability assessments on web applications and environments.
\n
· SAST & Code Review: Execute Static Application Security Testing (SAST) to identify logical and security flaws within the source code. (If you aren't an expert in specific SAST tools yet, we will provide the training, but a strong ability to read and understand code is essential).
\n
· Technical Documentation: Create clear deliverables and /\"attack paths./\" You must be able to present findings and security recommendations effectively to both technical teams and stakeholders.
\n
· Tool Development: Propose and develop internal scripts or tools to improve the team’s auditing efficiency and automation.
\n
· Client Collaboration: Act as a technical bridge, ensuring the quality of the service and responding to client requirements with a focus on problem-solving.
\n
Qualifications
\n
Minimum qualifications
\n
· Experience: 2+ years of experience in Web Pentesting or Red Team environments.
\n
· Programming Skills: Proficiency in reading and understanding code (e.g., Python, JavaScript, Java, .NET, or PHP). You should feel comfortable auditing logic within a codebase.
\n
· Technical Expertise: Understanding and knowledge of OWASP methodology.
\n
· Proven experience identifying and exploiting web application vulnerabilities.
\n
· Knowledge of Linux/Windows OS and network fundamentals.
\n
· Languages: English fluency (B2 level or higher).
\n
· Soft Skills: Ability to explain complex technical concepts to non-technical people (humility is key).
\n
Idóneo qualifications
\n
· Certifications: OSCP, eWPTX, OSWE, CRTO...
\n
· SAST Experience: Familiarity with tools like Checkmarx, Fortify, SonarQube, or Snyk.
\n
· Education: Degree in Computer Science, Telecommunications, or equivalent experience/self-taught background.
\n
Who you are
\n
We value humility and a collaborative spirit. xugodme We are looking for someone who isn't afraid to ask /\"why/\" or /\"how,/\" who stays current with ethical hacking best practices, and who enjoys working in a highly collaborative environment. If you love breaking things but are even more passionate about understanding how they are built, we want to meet you.