As a Senior Penetration Tester (m/f/d), you strengthen the security of our eCommerce platforms (web, APIs, and potentially mobile) through practical attack simulations. You not only identify vulnerabilities but also provide clear, actionable recommendations and support teams through to their sustainable remediation.
Key Responsibilities:
* Plan, coordinate, and execute penetration tests covering web APIs, infrastructure, and cloud.
* Conduct threat- and abuse-case-based testing along typical eCommerce flows (account, cart, checkout, payment, vouchers, refunds), applying a "think like a bot operator" mindset.
* Produce high-quality reports (traceability, reproduction steps, risk, impact, remediation) and present findings to both technical teams and management.
* Advise engineering teams on fixes, verify remediations (re-tests), and continuously improve testing methodologies.
* Establish security standards (e.g., a "Definition of Done" for security) and drive automation/tooling initiatives.
Must-have:
* Several years of experience in penetration testing (senior level) with a focus on web/API; confident in manual testing (not limited to using scanners).
* Strong technical understanding (web architectures, OAuth, session handling, API design, common vulnerability classes).
* Excellent documentation and communication skills: able to explain findings precisely, prioritize recommendations, and align stakeholders.
* Experience with established methodologies/standards (e.g., OWASP Testing Guide/ASVS) and disciplined handling of scope and rules of engagement.
* English is frequently our project language; therefore, very good written and spoken English skills are required.
Nice-to-have:
* Experience with cloud penetration testing, AD/Kerberos topics, container/K8s environments, or mobile security.
* Relevant certifications (e.g., OSCP/OSWE or similar) or demonstrable practical offensive security achievements (write-ups, talks, bug bounty).