Sunbytes

Tóm tắt công việc

As a Penetration Tester at Sunbytes, you will work directly with our international clients to assess the security of their systems and applications, helping them identify and remediate potential vulnerabilities. This role is partly client-facing and plays a key part in strengthening our clients’ security posture while reinforcing Sunbytes’ reputation as a trusted security partner.

• Deliver penetration testing services for Sunbytes’ clients, helping them identify, assess, and remediate security vulnerabilities across their systems and applications.
• Conduct security testing on mobile applications, web applications, APIs, and network infrastructures for clients based in the APAC, EU, and the US.
• Provide professional, client-ready security reports, clearly explaining identified risks, exploitation techniques, and practical remediation recommendations for both technical and non-technical stakeholders.
• Act as a trusted security partner to clients by communicating findings clearly and supporting them in improving their overall security posture.
• Collaborate with international security and engineering teams and contribute to the continuous improvement of Sunbytes’ security methodologies and internal tools.

What can you expect from us

• A challenging and supportive work environment with opportunities to develop your career 
• A dynamic and international team, providing a great career journey
• 16 days annual leave
• 3 sick days per year
• 4 creative days per year where you can explore new techniques and possibilities
• Premium Health Insurance 24/7
• Cover Social Insurance as local law

• Minimum 3 years of hands-on experience in penetration testing.
• Proven experience participating in CTF competitions and/or reputable bug bounty programs (please include relevant links or BugCrowd/HackerOne profiles in your CV).
• Demonstrated experience in identifying and exploiting high-impact security vulnerabilities (kindly list relevant CVE references if applicable).
• Solid understanding of mobile applications, network security, system vulnerabilities, and common penetration testing tools such as Burp Suite, Metasploit, Nmap, etc.
• Hands-on experience with vulnerability assessment methodologies and tools.
• Strong knowledge of OWASP Top 10 vulnerabilities, with the ability to develop and present proof-of-concept (PoC) exploits.
• Experience in red team operations is a strong plus.
• Relevant industry certifications such as OSCP, OSWE, GPEN, or equivalent are highly desirable.
• English proficiency: good reading and writing skills, with basic verbal communication ability.

Soft skills:

• Good communication and problem-solving abilities.
• Ability to collaborate across teams and work in a dynamic, fast-paced environment.
• A passion for continuous learning and adapting to new challenges.