Penetration Tester

Title - Security Engineer - Runtime Platform Security

Location - Warsaw, Poland (Onsite)

Duration - 31 December 2025

Responsibilities

Conduct penetration testing and vulnerability assessments on large distributed systems written in C++, Python, and Go.

Identify and exploit security vulnerabilities in containerized environments, including Docker, Kubernetes, and related technologies.

Develop and maintain security testing tools and methodologies to automate vulnerability detection.

Collaborate with software engineers to implement security best practices throughout the software development lifecycle.

Provide security consulting to development teams within the Runtime Platforms group, advising on secure design and implementation.

Interface with internal Tech Risk organization to ensure compliance with security policies and regulations.

Participate in code reviews, design reviews, and threat modelling exercises.

Document security findings and recommendations in a clear and concise manner.

Stay up-to-date with the latest security threats, vulnerabilities, and mitigation techniques.

Assist in incident response activities, including forensic analysis and root cause analysis.

Develop and deliver security training to development teams.

Basic Qualifications:

Experience working with security tools and frameworks.

Extensive experience in penetration testing and vulnerability assessment of distributed systems.

Strong programming experience in C++, Python, and/or Go.

Deep understanding of security principles and best practices.

Excellent networking fundamentals.

Deep understanding of the Linux operating system.

Familiarity with container technologies such as Docker, Kubernetes, and related security concepts.

Strong analytical and problem-solving abilities; comfortable diving into unfamiliar, complex codebases and systems.

An ability to consider risk holistically and make reasoned security trade-offs.

Excellent communication and interpersonal skills, with the ability to effectively communicate security risks to both technical and non-technical audiences.

Preferred Qualifications:

Industry certifications such as OSCP, CEH, or CISSP.

Experience with cloud security (AWS, GCP, Azure).

Experience with security automation and orchestration tools.

Contributions to open-source security projects.

Familiarity with common security frameworks and standards (e.g., NIST, OWASP).

Experience with reverse engineering and malware analysis.

Background in incident response and digital forensics.