Penetration Tester
F-Secure CorporationFinland1 day ago
Full-timeRemote FriendlyInformation Technology
Track This Job
Add this job to your tracking list to:
- Monitor application status and updates
- Change status (Applied, Interview, Offer, etc.)
- Add personal notes and comments
- Set reminders for follow-ups
- Track your entire application journey
Save This Job
Add this job to your saved collection to:
- Access easily from your saved jobs dashboard
- Review job details later without searching again
- Compare with other saved opportunities
- Keep a collection of interesting positions
- Receive notifications about saved jobs before they expire
AI-Powered Job Summary
Get a concise overview of key job requirements, responsibilities, and qualifications in seconds.
Pro Tip: Use this feature to quickly decide if a job matches your skills before reading the full description.
F-Secure makes every digital moment more secure, for everyone. For over 35 years, we’ve led the cyber security industry, protecting tens of millions of people online together with our 200+ service provider partners. We value our Fellows' individuality, with an inclusive environment where diversity drives innovation and growth. What makes you unique is what we value – be yourself, that is (y)our greatest asset. Founded in Finland, F‑Secure has offices in Europe, North America and Asia Pacific.
About
Are you passionate about finding vulnerabilities before attackers do? Do you enjoy digging into APIs, cloud backends, and applications to uncover weaknesses, and then helping teams understand and fix them? We’re expanding our internal security capabilities and are now looking for a:
Penetration Tester
As a Penetration Tester, you’ll focus on verifying and improving the security of F-Secure’s products and platforms. Your main scope will include penetration testing of API endpoints and AWS-based backend services (including infrastructure level), with opportunities to test desktop and mobile applications as well. Please note that this is an internal penetration tester role and does not include customer or external consulting engagements. We welcome candidates at all experience levels – from junior professionals eager to grow in security to senior experts looking for their next challenge.
You’ll work closely with development teams to not only identify vulnerabilities but also to explain them from an attacker’s point of view, guiding teams in patching and helping them build more secure systems for the future. This role reports to the Head of Software Security and collaborates with Security Engineers and developers across the Technology function.
Key Responsibilities
A security vetting will possibly be conducted for the selected candidate in accordance to our employment process.
If your LinkedIn account is up to date and informative, no need to prepare a CV, just leave us a link to your profile.
,
About
Are you passionate about finding vulnerabilities before attackers do? Do you enjoy digging into APIs, cloud backends, and applications to uncover weaknesses, and then helping teams understand and fix them? We’re expanding our internal security capabilities and are now looking for a:
Penetration Tester
As a Penetration Tester, you’ll focus on verifying and improving the security of F-Secure’s products and platforms. Your main scope will include penetration testing of API endpoints and AWS-based backend services (including infrastructure level), with opportunities to test desktop and mobile applications as well. Please note that this is an internal penetration tester role and does not include customer or external consulting engagements. We welcome candidates at all experience levels – from junior professionals eager to grow in security to senior experts looking for their next challenge.
You’ll work closely with development teams to not only identify vulnerabilities but also to explain them from an attacker’s point of view, guiding teams in patching and helping them build more secure systems for the future. This role reports to the Head of Software Security and collaborates with Security Engineers and developers across the Technology function.
Key Responsibilities
- Perform penetration testing on APIs, backend services (including AWS infrastructure), and—when relevant—desktop and mobile applications
- Produce clear, developer-oriented reporting of findings to ensure vulnerabilities are well understood and actionable
- Collaborate with development teams to guide remediation and verify fixes
- Share attacker perspectives to support threat modeling and secure design practices
- Contribute to building a culture of security by bringing offensive security insights into the software development lifecycle
- We encourage applications from candidates at all career stages. Whether you're a junior professional looking to grow your security expertise or a senior practitioner seeking new challenges, we'd love to hear from you
- Understanding of secure software development practices and vulnerability classes
- Familiarity with penetration testing of web, desktop and/or mobile applications
- Strong hands-on experience in penetration testing of APIs and cloud backends (preferably AWS) and proficiency with industry-standard penetration testing tools and security assessment frameworks
- Ability to communicate findings clearly to development teams, bridging the gap between technical detail and practical remediation guidance
- A collaborative mindset and curiosity to work across organizational boundaries, guiding and reviewing security practices beyond testing activities
- Experience supporting secure software development lifecycles (Secure SDLC)
- Software engineering background preferred – experience in programming languages and frameworks to better understand application logic and code-level vulnerabilities
- Experience with structured security assessment frameworks such as the OWASP ASVS, NIST Cybersecurity Framework, or similar methodologies for comprehensive security evaluations
- Code review capabilities or a background in threat modeling and secure design reviews – ability to identify security flaws at the source code or architecture design levels
- Relevant certifications (e.g., OSCP, GPEN, CSSLP, AWS Security Specialty)
- Welcome to the good side – the home of scam protection! Work with industry-leading experts defining the future of cybersecurity and scam protection.
- Thrive in our Fellowship culture where we empower, trust, challenge, and support each other in doing our best work.
- Flexible work that works for you – hybrid and remote options with team-agreed ways of working.
- Inclusive environment with flat, approachable leadership in our diverse global community.
- Comprehensive global benefits including Employee Share Savings Plan (ESSP), Fellow Member of the Board opportunities, and Annual Protect & Educate paid volunteer day.
- Wellbeing support through personal coaching services and one hour per week for personal recharging.
- Continuous growth via F-Secure Academy, Leadership programs, AI training, mentoring, and dedicated Learning Week.
A security vetting will possibly be conducted for the selected candidate in accordance to our employment process.
If your LinkedIn account is up to date and informative, no need to prepare a CV, just leave us a link to your profile.
,
Key Skills
Ranked by relevanceReady to apply?
Join F-Secure Corporation and take your career to the next level!
Application takes less than 5 minutes