Jobs · justjoinit

L

Pentester WebAPP and API

Keystone AI · Warszawa · Posted 1d ago

remotemid5-8 yrs130-140 pln🇵🇱 Poland
Apply on justjoinit

Available in 2 locations

Remote · onsite Apply → Warszawa · remote Apply →

About the role

Lead and execute penetration tests across web applications, APIs, and networks.

Pentester WebAPP and API
Key Responsibilities (What You’ll Do)
– Advanced Technical Testing: Personally lead and execute end-to-end penetration tests across web applications, APIs, mobile apps (iOS/Android), cloud environments, and internal/external networks.
– Deep Active Directory Assessments: Perform sophisticated AD security testing, including privilege escalation, lateral movement, delegation/ACL abuse, and attack path analysis.
– Exploit Development: Write custom scripts, tooling, and proof-of-concept (PoC) exploits using Python, PowerShell, and/or Bash.
– End-to-End Engagement Management: Own the lifecycle of assignments—from initial scoping and effort estimation to final report delivery and remediation retesting.
– Quality Assurance & Pre-Sales: Review and QA technical findings/reports from the team, and provide technical input during scoping calls and proposal creation.
– Client & Stakeholder Communication: Act as the primary technical point of contact, translating complex technical risks into clear insights for both devs and non-technical executives.
– Experience: ~5+ years of hands-on offensive security experience, ideally within a cybersecurity consultancy or multi-client delivery environment.
– Core Depth: Proven expertise in at least three domains: web applications, network, mobile, or Active Directory testing.
– Tooling Infrastructure: Mastery of industry-standard tools (_Burp Suite, Nmap, Metasploit, BloodHound, Impacket, CrackMapExec/NetExec, Cobalt Strike_, Frida, etc.).
– Certifications (Minimum of ONE required):
– OSCP (Offensive Security Certified Professional)
– CRTP / CRTO (Active Directory/Red Team)
– CREST CRT / CPSA (CCT App or Infra strongly preferred)
– Soft Skills: Exceptional report-writing skills and fluent professional English.
– Advanced certifications (OSEP, OSWE, OSED, CRTE, SANS GXPN/GWAPT, or Cloud offensive certs).
– Prior experience within a Big 4 firm or an established boutique security consultancy.
– Hands-on exposure to AWS/Azure/GCP cloud environments and Kubernetes/containers.
– Active community presence: Published research, CVEs, open-source tooling contributions, conference talks, or top CTF achievements.

Read the full posting on justjoinit

FAQ

Is the Pentester WebAPP and API role at Keystone AI remote?+

This Pentester WebAPP and API position is listed as remote (Warszawa).

What is the salary for the Pentester WebAPP and API role at Keystone AI?+

The listing states 130-140 pln.

What seniority level is this Pentester WebAPP and API role?+

This is a mid level position.

How do I apply for the Pentester WebAPP and API role at Keystone AI?+

Use the "Apply on justjoinit" button to open the original posting on justjoinit, where you can submit your application directly to Keystone AI.