[Hiring] Senior Application Security Pentester @Semrush

Role Description

As a Senior Application Security Pentester, you will play a key role in strengthening our security posture by ensuring efficient security audits during the release process. Your expertise and proactive approach will help maintain the speed and quality of our software releases by identifying and mitigating vulnerabilities before they become critical issues. This role also offers the opportunity to contribute to the development and evolution of the Offensive Security function within the Security Department.

• Lead and conduct in-depth penetration tests on web applications, APIs, and other software components to identify complex security vulnerabilities.
• Analyze findings, prioritize risks, and provide strategic remediation recommendations while working closely with cross-functional teams.
• Develop and refine custom scripts and tools to automate and optimize security testing processes.
• Stay up to date with emerging threats, vulnerabilities, and industry trends to ensure proactive defense measures.
• Contribute to knowledge sharing and continuous improvement through research, training, and participation in internal and external security events (e.g., CTFs, meetups).
• Support the evolution of Offensive Security practices and processes within the Security Department.

Qualifications

• Deep knowledge of common vulnerabilities and industry standards such as the OWASP Top 10.
• Ability to read and understand code (e.g., Go, Java, Python) to identify security flaws.
• Familiarity with cloud environments and related security considerations.
• Strong analytical and problem-solving skills with attention to detail.

Requirements

• Experience using or building AI-assisted security testing solutions (not required but a plus).
• Certifications such as BSCP, OSWE, GWAPT, or similar (not required but a plus).
• Experience automating security tests in CI/CD pipelines (GitLab/GitHub CI/CD, YAML) (not required but a plus).
• Active participation in security communities or conferences (not required but a plus).
• Proficiency in scripting languages (e.g., Python, Bash) to automate tasks (not required but a plus).
• Published CVEs or bug bounty reports (not required but a plus).

Benefits

• Unlimited PTO
• Flexible working hours
• Inter Polska Health Insurance and Life Insurance co-financing
• Worksmile Cafeteria Program (available after 2 months of employment), including co-financing for the Multisport card
• Mental health support–private therapy sessions (in Polish and English)
• B2B contract is also an option
• Employee Referral Program
• Buddy Program
• Corporate events
• Teambuilding
• Training, courses, conferences

Company Description

Semrush is a leading online visibility management SaaS platform that enables businesses globally to run search engine optimization, pay-per-click, content, social media and competitive research campaigns and get measurable results from online marketing.

• We've been developing our product for 17 years.
• Awarded G2's Top 100 Software Products, Global and US Search Awards 2021, Great Place to Work Certification, Deloitte Technology Fast 500 and many more.
• In March 2021 Semrush went public and started trading on the NYSE with the SEMR ticker.
• 10,000,000+ users in America, Europe, Asia, and Australia have already tried Semrush.
• Over 1,700 people around the world are working on its development.
• The Semrush team is constantly growing.