Caspian Innovation Center

Deadline: 23 July 2026

Penetration Testing Specialist

Information Technology | Baku | Experience | 23 June 2026

Based on interview

About the vacancy

Responsibilities:

  • Planning and executing penetration tests on internal and external infrastructure (Network, Active Directory, Windows/Linux servers);
  • Security assessment of web applications (OWASP Top 10, business logic vulnerabilities, authentication/authorization flaws); 
  • Analyzing attack paths in Active Directory environments (Kerberoasting, ACL abuse, delegation vulnerabilities, lateral movement scenarios);
  • Evaluating discovered vulnerabilities based on risk level and preparing technical/management level reports;
  • Collaborating with infrastructure and application teams during the remediation process, and retesting fixes;
  • Working with the SOC team to test and improve detection rules;
  • Participating in phishing simulations and social engineering assessments;
  • Security assessment of AI-based systems and LLM-integrated applications (prompt injection, jailbreak, data leakage, OWASP Top 10 for LLM Applications test scenarios); 
  • Effective use of AI-based tools in pentest processes (reconnaissance, payload generation, automating report preparation);
  • Conducting the vulnerability management process: managing Rapid7 and Tenable Nessus scanners, configuring scan profiles, analyzing results, and filtering false positives; 
  • Analyzing and prioritizing the impact of new CVEs on the infrastructure.

Requirements:

  • At least 3 years of practical experience in information security, including at least 2 years in penetration testing;
  • Practical certification requirement: OSCP or equivalent certification - CRTO, PNPT, eCPPT/eCPPTv2, GPEN, or similar. OSCP is preferred;
  • Ability to independently conduct network and infrastructure penetration tests;
  • Practical experience in the security assessment of Active Directory environments and a deep understanding of primary attack paths;
  • Manual web application testing skills: detecting business logic, authentication, and authorization vulnerabilities beyond automated scan results;
  • Practical experience with vulnerability scanners: configuring scans, triaging, and verifying results on Tenable Nessus, Rapid7 InsightVM/Nexpose, or similar solutions;
  • Knowledge of post-exploitation, privilege escalation, and analysis of basic security configurations in Windows and Linux systems;
  • Manual testing of API security, REST and GraphQL APIs for Broken Object Level Authorization (BOLA/IDOR), mass assignment, and rate limiting bypass;
  • Cloud security, fundamental pentest scenarios in AWS / Azure / GCP environments (IAM misconfigurations, S3 bucket exposure, metadata service abuse);
  • Understanding of Container / Microservice environment security, primary misconfiguration points in Docker and Kubernetes, and container escape scenarios;
  • Proficiency in at least one scripting language (Python, PowerShell, or Bash) for automating test processes and developing simple tools when needed;
  • Documenting findings in a clear, reproducible, and risk-based reporting format, and providing specific remediation recommendations;
  • Fluent communication skills in Azerbaijani;
  • English language proficiency for working with technical documentation and reports.

Preferred Knowledge and Skills: 

  • Additional certifications: OSEP, OSWE, CRTP/CRTE, BSCP, or similar practical certificates.
  • Understanding of EDR detection and evasion techniques.
  • Understanding how attacks look from a log and detection perspective.
  • Experience with C2 frameworks: Cobalt Strike, Sliver, Havoc, or similar tools.
  • CTF participation, HackTheBox/TryHackMe profile, bug bounty experience, or personal security research: blog posts, CVEs, open-source tools, etc.
  • Interest or practical experience in AI/LLM security: OWASP LLM Top 10, MITRE ATLAS, AI red teaming.
  • Familiarity with AI-assisted pentest tools: PentestGPT, Burp AI, and similar solutions.

What We Offer:

  • Meal allowance;
  • Annual performance bonuses;
  • Corporate wellness program: voluntary health insurance and special discounts for gyms.

Note: Only candidates who meet the vacancy requirements will be contacted for the next stage.

Interested candidates can apply by filling out the form via the Apply for job button.