[Hiring] Security Pen Tester @Infios

Role Description

We are building a dedicated RED Team to strengthen the security of our SaaS platform. As a Penetration Tester, you will conduct internal offensive security assessments across our web applications, APIs, cloud environments, and emerging AI/LLM-based features. You will identify, exploit, and document vulnerabilities to help the organization stay ahead of modern adversaries. This is a hands-on technical role for someone who enjoys breaking things ethically, understanding how they work under the hood, and working closely with engineering and security teams to drive remediation.

What a day in the life looks like:

• Conduct in-depth penetration tests on web applications, APIs, microservices, and internal SaaS components.
• Perform manual vulnerability discovery and exploitation following OWASP methodologies.
• Simulate adversarial attack scenarios and participate in RED Team exercises.
• Conduct cloud-focused penetration tests and configuration reviews (AWS, OCI and Azure).
• Test LLM/AI features for prompt injection, jailbreaking, data leakage, model manipulation, and other emerging threats.
• Develop custom proof-of-concept exploits where applicable.
• Work closely with engineering and product teams to provide clear remediation guidance.

Security Automation & Tools:

• Use and customize security testing tools (Burp Suite, ZAP, Nmap, SQLMap, etc.).
• Develop scripts or small tools for automation or exploitation (Python, Bash, PowerShell, etc.).
• Effectively use AI tools (Microsoft Copilot, Claude etc.) to accelerate testing, generate payloads, summarize findings, and produce documentation.

Documentation & Reporting:

• Create clear, detailed technical reports with reproduction steps and exploit evidence.
• Present findings to technical and leadership teams.
• Contribute to threat models and risk assessments.

Qualifications

• 4+ years of hands-on experience in cybersecurity, with a focus on penetration testing.
• Strong understanding of OWASP Top 10 and practical experience exploiting them in real-world applications.
• Experience testing REST and GraphQL APIs.
• Solid understanding of web technologies (HTML, JavaScript, SQL, authentication mechanisms, etc.).
• Proven experience performing manual exploitation (not just tool-based scanning).
• Experience testing cloud-hosted applications and infrastructure (AWS, OCI and Azure).
• Knowledge of modern authentication (OAuth, JWT, SSO, SAML).

Requirements

• AI/LLM Security (Preferred, Not Mandatory)
• Experience testing AI/LLM-powered features.
• Knowledge of prompt injection, jailbreaks, RAG attacks, model extraction, data leakage vectors.

• Proficiency with:
  • Burp Suite Pro
  • Nmap
  • Nikto
  • SQLMap
  • Postman/Insomnia
  • Metasploit
  • SAST/DAST tools (optional)
• Ability to leverage AI/Copilot tools in daily workflow (payload generation, code review, exploit crafting).

Soft Skills

• Strong analytical and problem-solving skills.
• Ability to work independently and in a fast-paced RED Team environment.
• Excellent written and verbal communication skills.
• Curiosity-driven mindset with a passion for offensive security.

Preferred Certifications (Nice to Have)

• CEH, OSCP, OSWE, Burp Suite Practitioner, eWPT, eCPPT
• Cloud certifications (Azure AZ-500, AWS Security Specialty)

Benefits

• At Infios, we're not just looking for employees; we're looking for partners in innovation, growth, and purpose.
• Meeting you where you are to create the future you need is at the core of who we are and what we do.
• We believe the future is better when supply chains work better.
• We are an equal-opportunity employer and committed to inclusion in the workplace.