[Hiring] Security Pen Tester @Infios

Role Description

We are building a dedicated RED Team to strengthen the security of our SaaS platform. As a Penetration Tester, you will conduct internal offensive security assessments across our web applications, APIs, cloud environments, and emerging AI/LLM-based features. You will identify, exploit, and document vulnerabilities to help the organization stay ahead of modern adversaries. This is a hands-on technical role for someone who enjoys breaking things ethically, understanding how they work under the hood, and working closely with engineering and security teams to drive remediation.

What a day in the life looks like:

• Conduct in-depth penetration tests on web applications, APIs, microservices, and internal SaaS components.
• Perform manual vulnerability discovery and exploitation following OWASP methodologies.
• Simulate adversarial attack scenarios and participate in RED Team exercises.
• Conduct cloud-focused penetration tests and configuration reviews (AWS, OCI and Azure).
• Test LLM/AI features for prompt injection, jailbreaking, data leakage, model manipulation, and other emerging threats.
• Develop custom proof-of-concept exploits where applicable.
• Work closely with engineering and product teams to provide clear remediation guidance.

Qualifications

• 4+ years of hands-on experience in cybersecurity, with a focus on penetration testing.
• Strong understanding of OWASP Top 10 and practical experience exploiting them in real-world applications.
• Experience testing REST and GraphQL APIs.
• Solid understanding of web technologies (HTML, JavaScript, SQL, authentication mechanisms, etc.).
• Proven experience performing manual exploitation (not just tool-based scanning).
• Experience testing cloud-hosted applications and infrastructure (AWS, OCI and Azure).
• Knowledge of modern authentication (OAuth, JWT, SSO, SAML).
• Experience testing AI/LLM-powered features (Preferred, Not Mandatory).
• Knowledge of prompt injection, jailbreaks, RAG attacks, model extraction, data leakage vectors.

Requirements

• Proficiency with security testing tools: Burp Suite Pro, Nmap, Nikto, SQLMap, Postman/Insomnia, Metasploit.
• Ability to leverage AI/Copilot tools in daily workflow (payload generation, code review, exploit crafting).

Soft Skills

• Strong analytical and problem-solving skills.
• Ability to work independently and in a fast-paced RED Team environment.
• Excellent written and verbal communication skills.
• Curiosity-driven mindset with a passion for offensive security.

Preferred Certifications (Nice to Have)

• CEH, OSCP, OSWE, Burp Suite Practitioner, eWPT, eCPPT.
• Cloud certifications (Azure AZ-500, AWS Security Specialty).

Benefits

• At Infios, we're not just looking for employees; we're looking for partners in innovation, growth, and purpose.
• We meet you where you are to create the future you need.
• We equip you with the tools and opportunities to build the future you envision.
• We are committed to creating a safe and welcoming environment where every individual’s unique experiences and perspectives are valued.