Penetration Tester

Summary

Join Behavox's Information Security Assurance Red team as a Penetration Tester, contributing to the development and execution of penetration tests and vulnerability scanning activities. You will actively exploit vulnerabilities and help develop solutions to secure the enterprise and Behavox products. Responsibilities include developing and executing web application security testing plans, performing web application/network attack & penetration testing, documenting issues and assisting in their resolution, delivering security training, and conducting regular knowledge-sharing sessions. The ideal candidate will possess 5+ years of experience in penetration testing and ethical hacking, strong proficiency in web application security, and relevant industry certifications. Behavox offers a competitive compensation package, flexible work schedule, generous time-off policy, and a global mission.

Requirements

• A strong and genuine interest in Behavox, demonstrated by alignment with its mission, technologies, and approach to security
• 5+ years of experience in penetration testing and ethical hacking, including web applications, infrastructure, and cloud environments, with at least 2 years in Red Team operations and vulnerability exploitation using tools like Burp Suite, Metasploit, and custom scripts
• Strong proficiency in web application security, including deep familiarity with testing tools (e.g., Acunetix, Nessus, ZAP), OWASP Top 10, and secure coding practices across development languages such as Java and Python
• Skilled in technical communication and documentation, with the ability to clearly report findings, articulate technical risk, and align recommendations with security frameworks like MITRE ATT&CK, NIST, and OWASP
• Holds relevant industry certifications, such as OSCP, OSCE, CRTP, or CEH, demonstrating validated expertise in offensive security and a commitment to professional development

Responsibilities

• Developing and executing formal web application security testing plans to ensure the delivery of quality software applications. Involved in test planning, preparation and communication with the development team prior to security test execution
• Performs web application/network attack & penetration (A&P) testing to find security issues such as risks, defects, and logical errors. Collects and analyzes security data from manual, automatic and static source review, and integrates them to find the best way to address security issues to meet the needs of the business
• Documents all issues and assists in their resolution. Delivers security training and education to technical staff within findings and acts as an internal security consultant to advise or influence business or technical partners
• Provides quality web application security audits across the various IT functions to ensure quality standards, procedures and methodologies are being followed
• Conduct regular knowledge-sharing sessions with the team and stakeholders to enhance communication and collaboration
• Plan and execute targeted penetration tests on critical systems in collaboration with internal teams, identifying vulnerabilities and delivering actionable remediation guidance
• Collaborate with developers, IT, and DevSecOps teams to address code-level and system-wide vulnerabilities, providing expert guidance during assessments and reviews
• Exploit vulnerabilities and clearly communicate technical findings, attack paths, and mitigation steps through well-documented, risk-based reports for both technical and non-technical stakeholders
• Simulate real-world threats and advanced persistent attacks to test and evaluate the effectiveness of existing security controls and incident response
• Continuously research emerging threats and attack techniques, contributing to the organization's evolving security strategy and overall risk posture

Benefits

• A highly competitive cash compensation package with performance bonuses baked into salary payments
• A flexible work schedule that allows for Remote or Hybrid work as appropriate to the role and location
• A very generous time-off policy (30 days annually), with public holidays for your geography in addition