Stefanini EMEA
Penetration Tester
Stefanini EMEANorway12 days ago
Full-timeInformation Technology
Job Description

We are searching for a Penetration Tester with experience in leading and executing highly technical penetration tests and security assurance engagements (web, API, mobile, infrastructure, cloud, and AI/GenAI applications) with minimal supervision.

Our client is one of the world's leading digital travel platforms, helping millions of users explore, book, and manage accommodations, transportation, and travel experiences across the globe. With a strong focus on innovation, seamless user experience, and data-driven solutions, the company operates on a large scale and supports a highly diverse international customer base. Their culture encourages collaboration, ownership, and continuous improvement, offering an environment where talented professionals can make a real impact on global travel.

Job Responsibilities:

  • Design new testing techniques and adapt industry best practices to the platform technical and cultural environment, including automation and CI/CD integration
  • Integrate threat modeling into the SDLC and proactively map attack paths for critical systems
  • Stay current with the latest vulnerabilities, threat actor TTPs, and threat intelligence relevant to the travel, hospitality, and ecommerce sectors
  • Provide actionable remediation guidance and communicate technical findings to both technical and non-technical stakeholders, up to CISO/CSO level
  • Mentor and train junior penetration testers and non-security technical staff to scale security impact across the organization
  • Manage and optimize the use of external vendors for penetration testing, ensuring value and ROI
  • Support incident investigations with offensive security testing as needed
  • Contribute to the mid- and long-term security assurance strategy, including threat landscape reporting and continuous improvement of testing methodologies

Job Requirements

  • 5+ years of hands-on experience in offensive security testing and engagement management
  • Expert-level skills in web application/API, infrastructure, and cloud penetration testing (AWS, GCP, Azure)
  • Experience with threat modeling methodologies (e.g., STRIDE, PASTA) and integrating security into SDLC/CI-CD pipelines
  • Strong knowledge of current vulnerabilities, exploitation techniques (RCE, buffer overflows, privilege escalation, etc.), and attacker TTPs
  • Familiarity with security testing for AI/GenAI applications and cloud-native environments is highly desirable
  • Proficiency with offensive security tools (BurpSuite, Kali Linux, etc.) and scripting languages (Python, Bash, PowerShell, Ruby)
  • Excellent communication and stakeholder management skills
  • Ability to design, manage, and maintain penetration testing labs/infrastructure
  • Analytical, organized, and able to work independently and as part of a multi-disciplinary team

Desirable Skills:

  • Experience with red/purple team operations and attack path mapping
  • Experience in security consulting, incident response, and threat intelligence
  • Knowledge of regulatory and compliance requirements (PCI, GDPR, etc.) as they relate to penetration testing

The preceding job description had been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties and responsibilities required of employees assigned to this job.

What's next:

It's best to apply today, because job postings can be taken down and we wouldn't want you to miss this opportunity. In case you need further information, just send us a message at [email protected] and we'll be happy to assist!

Diversity & Inclusion

Here at the Stefanini Group, we value plurality and equity, regardless of race, sexual orientation, disability, age, ancestry, religion, gender, and nationality. We understand and encourage the importance of being you!

About Us

We are the Stefanini group, a global tech consulting company of Brazilian origin that believes in the power of people to transform businesses through technology.

We are present in over 40 countries and operate with the purpose of co-creating solutions TOGETHER WITH OUR CLIENTS that accelerate results and improve the experience of people and organizations.

Here, we like to say that technology is not the end, but the means: what really matters are the people who drive it all.

Our mindset is AI First, meaning we invest in cutting-edge technology in everything we do, focusing on results for our clients.

We are a company, A GROUP, that breathes collaboration and offers a dynamic environment where you will learn by doing, grow alongside the team, and have space to contribute with ideas and projects.

More than just talking about digital transformation, we believe in real transformation that starts with people and impacts real businesses.

If you are looking for a place to develop, innovate, and be part of something bigger, the Stefanini Group is your place.

We want to inform you that there are currently scams targeting job seekers by falsely using our company's name, Stefanini. We sincerely apologize for any confusion or inconvenience this may have caused.

Please remember that legitimate job offers from Stefanini will always come through official channels, including direct communication with our trained recruiters. If you receive any unsolicited messages requesting payment or personal information, please disregard them.

If you suspect you've been targeted, please contact us immediately at [email protected] for verification.

Key Points to Remember:

  • Legitimate job offers only follow interviews conducted with our hiring managers or clients.
  • We will never ask for payment at any stage of the recruitment process.

Stay vigilant and feel free to reach out for verification. Your safety and security are our top priorities. Thank you for your understanding and cooperation.

Key Skills

Ranked by relevance
Apply