2,614 Open roles
98 Companies
54 Posted today
Jobs / BrainRocket / Senior Penetration Tester
This job is no longer available.

This position has been closed.

Posted 2026-05-22

Senior Penetration Tester

Description

We invite a Senior Penetration Tester to join our team. It's an office-based role – no remote or hybrid options.

Responsibilities
  • Lead end-to-end penetration testing engagements across web applications, APIs, mobile, internal and external networks and cloud (primarily AWS).
  • Run red-team and assumed-breach operations - initial access, privilege escalation, lateral movement, persistence, exfiltration - including against fraud and detection stacks.
  • Perform security reviews of cloud-native services, Kubernetes workloads, CI/CD pipelines, and microservices.
  • Discover and exploit vulnerabilities across real-money flows - payments, deposits and withdrawals, wallets, KYC / AML, bonus systems, and affiliate tracking.
  • Partner with product, engineering, AppSec, payments, and fraud teams to translate findings into concrete fixes and durable controls.
  • Develop custom tooling, scripts, and methodology where no out-of-the-box approach exists.
  • Build and validate declarative threat models and contribute to "secure by design" practice.
  • Mentor mid and junior testers, review their engagement plans and reports.
  • Track new CVEs, TTPs, MITRE ATT&CK updates, and regulator advisories - translate them into concrete changes here.
  • Support pre-sales scoping, effort estimation, and pre-certification engagements for new products and jurisdictions.
  • Serve as a trusted offensive-security advisor to product, engineering, and compliance teams.
Requirements
  • Minimum 4 years of hands-on penetration testing or offensive-security experience.
  • Proven track record across at least three of: web / API, internal, external network, cloud (AWS / GCP), mobile (iOS / Android).
  • OSCP or an equivalent in-the-box certification.
  • Strong working knowledge of SAST/SCA/DAST tooling, AWS/GCP, MITRE ATT&CK, OWASP ASVS / WSTG, PTES.
  • Understanding of the data flow, MVC model.
  • Understanding of supply chain attacks.
  • Good reporting skills.
  • Comfortable scripting in Python plus Bash.
  • Knowledge at least one of major cloud provider's IAM model.
  • Experience pentesting cloud-native systems and Kubernetes environments, plus the CI/CD pipelines around them (GitLab, GitHub Actions, Jenkins) and IaC (Terraform, Helm, CloudFormation).
  • Strong written and verbal communication in English .
  • Experience balancing security and business demands under release pressure.
  • Familiarity with industry regulations, frameworks, and practices: PCI DSS, ISO 27001, NIST, GDPR .

## PREFERRED QUALIFICATIONS:

  • One of offensive-security certifications: OSWE, OSEP, OSED, CRTO, BSCP, ARTE, GRTE .
  • In-depth experience architecting secure services on Kubernetes and AWS.
  • Prior iGaming, fintech, or payments domain experience.
  • Public CVEs, advisories, write-ups, conference talks.
  • HTB Pro Lab completions, real CTF placements.
  • Open-source contributions to offensive or defensive tooling.
Benefits
  • 24 vacation days annually.
  • 6 sick days without a medical certificate.
  • Premium Health Insurance (coverage up to 5,000 EUR annually).
  • Special occasion gifts: birthday, wedding, newborn.
  • Learning & Development budget (for conferences, courses and certifications).
  • Corporate events: international parties, team buildings, activities.
  • Career growth opportunities in a fast-growing company.
  • Relocation package for international candidates.
  • Sports package (FitPass membership).
  • Language classes: Serbian & English (company-covered).
Similar Active Jobs
BrainRocketHR & TalentSpain

Employee Experience Manager

The Employee Experience Manager is responsible for leading and executing internal cultural initiatives, events, and wellness programmes for the company's Spanish office. This role requires a highly organised individual to manage vendor relationships and ensure all employee experiences meet high quality standards. It is a notable opportunity for an experienced professional to take ownership of EE standards within a fast-paced, international environment. The position offers significant autonomy and the chance to collaborate with global HR teams.

On-siteFull-timeSeniorEnglish
2026-06-17
BrainRocketContent & SEOYerevan, Belgrade, Armenia, Serbia

Content Creator & SMM Project Manager

This role combines creative content production with structured project management to drive brand presence. You will be responsible for creating visual and written assets, managing content calendars, and coordinating workflows across teams. It is a notable opportunity for a creative professional to work in a fast-paced global tech environment with significant creative freedom.

On-siteFull-timeMid-level3+ yearsEnglish
2026-06-17
BrainRocketProduct & DevelopmentValència, Spain

Engineering Manager

BrainRocket is seeking an Engineering Manager to lead multiple Flutter teams in Valencia, Spain. The role involves owning the mobile engineering strategy, architecture, and delivery processes, as well as driving operational excellence and ensuring app quality. Key responsibilities include managing release cycles, CI/CD pipelines, and collaborating with cross-functional teams. This is an office-based role with relocation support for those needing to move to Valencia.

On-siteFull-timeLead3+ yearsEnglish
2026-06-16
BrainRocketProduct & DevelopmentWarsaw, Poland

Security Access Management Team Lead

BrainRocket is seeking an experienced Security Access Management Team Lead to join their Information Security team in Warsaw, Poland. This on-site role requires a candidate with over 5 years of information security experience, including at least 1 year in a team lead capacity. The position involves leading the Access Administration team, managing user access lifecycles, ensuring compliance with security principles, and supporting continuous improvement of IAM/PAM processes. The company offers excellent benefits, including career growth opportunities, partial compensation for language courses, and comprehensive medical insurance.

On-siteLead5+ yearsEnglish
2026-06-16
BrainRocketProduct & DevelopmentLisbon, Portugal

DevSecOps Engineer

BrainRocket is seeking a DevSecOps Engineer to join their team on-site in Lisbon, Portugal. This role focuses on developing and improving the company's DevSecOps culture, including secure Istio and Kubernetes setup, CI/CD security, and automation of security processes. Key responsibilities involve implementing security analysers, scanners, and Vault management systems. The ideal candidate will have experience with DevOps principles, Kubernetes, configuration management tools, cloud security, and infrastructure analysis for information security risks.

On-siteFull-timeMid-levelEnglish
2026-06-13