Luxoft

Penetration tester - SRE (Neo tech)

Luxoft
Poland · Full-time · Mid-Senior

🔥Become a Luxoft employee🔥


Our Benefits:

💰Paid Referrals

💻Equipment: laptop and monitor

🩺Private Medical & Dental care & Life Insurance covered

🏋🏽‍♀️ MyBenefit program (sports card, well-being program, etc.)

🌎 Internal Mobility program - possibility of rotation between projects, locations, accounts

🎓 LuxTalent platform (webinars, training, courses)

...and more!



Project Description:

You will be part of the Neo Dev Support, a global team that enables development teams to deliver business functionality into digital platforms. Working alongside engineers across multiple locations, you will contribute to a high-volume, dynamic platform, ensuring its stability and reliability.


Responsibilities:

- Conduct penetration tests on web, mobile, and API applications, focusing on authentication and entitlements.

- Test identity and access management components (IAM, SSO, OAuth/OIDC, SAML, MFA).

- Identify, document, and prioritize vulnerabilities; work with global engineering teams to remediate them.

- Prepare detailed reports with clear risk assessments and actionable recommendations.

- Automate repetitive testing tasks and integrate security testing into CI/CD pipelines.

- Review infrastructure-as-code (e.g., Terraform) for security issues.

- Participate in red/blue team exercises, threat modeling, and secure code reviews.

- Stay up to date with evolving authentication standards, security technologies, and attack vectors.


Mandatory Skills Description:

- Proven experience in penetration testing for web and API applications.

- Strong understanding of authentication and authorization protocols (OAuth2, OIDC, SAML, MFA, WebAuthn).

- Proficiency with tools such as Burp Suite Pro, OWASP ZAP, nmap, sqlmap, and vulnerability scanners.

- Ability to write custom scripts or exploits (Python, Bash).

- Solid grasp of OWASP Top 10, API Security Top 10, and vulnerabilities like XSS, CSRF, IDOR, and JWT attacks.

- Experience with IAM auditing and entitlement reviews.

- Strong Linux and networking fundamentals (HTTP/S, TLS, cryptography basics).

- Excellent communication skills in English, both written and verbal.

- Ability to collaborate with international development and DevOps teams.


Nice-to-Have Skills Description:

- Experience with cloud platforms (AWS, Azure, or GCP) and related IAM/KMS/HSM components.

- Familiarity with containerization and Kubernetes security.

- Relevant certifications (OSCP, CREST, eCPPT, etc.).

- Experience with Terraform security scanning and SAST/DAST integration in CI/CD pipelines.

- Exposure to red teaming or C2 frameworks.

- Understanding of large-scale distributed systems and token/session management.

- Knowledge of compliance frameworks (ISO 27001, SOC2, GDPR).

- Experience in secure code review and basic understanding of Java or Go.


Languages:

English: B2 Upper Intermediate

Key Skills

Ranked by relevance

terraform, owasp, cicd, saml, identity and access management, penetration testing, containerization, kubernetes, burp suite, python, devops, linux, cloud, java, oscp, nmap, aws, gcp
Posted: Oct 24, 2025

Type: Full-time

Level: Mid-Senior

Location: Cracow Metropolitan Area

Company: Luxoft

Industries: Information Services

Categories: Information Technology
