Penetration Tester – Web, API & Infrastructure Security

Who We Are

Recruitment.bg is a boutique IT recruitment company, based in Bulgaria. We aim to work with the top employers in the industry, companies that we thoroughly vet and trust. Our mission is to guide IT professionals toward improved career paths by understanding their skills, crafting employment strategies, and supporting them every step of the way. Placing emphasis on honesty, respect and reliability while delivering exceptional service by ‘going the extra mile’ we build long term relationships with the people and organizations we work with.

We are partnering with a large-scale international product company developing high-traffic online platforms operating across multiple regulated markets. The systems process real-time transactions and integrate complex modules such as Games, Payments, CRM and Security.

For their Operations Department, we are looking for a Penetration Tester who enjoys hands-on security testing and wants to work in an environment where vulnerabilities are real, not theoretical.

The Role

• You will conduct supervised penetration testing across:
• Web applications and APIs
• Mobile applications
• Internal and external infrastructure
• Your focus will be identifying, validating, and documenting security weaknesses in complex, production-grade systems.

Key Responsibilities

• Perform manual and tool-assisted penetration testing
• Validate findings from automated scanners
• Reproduce vulnerabilities and gather verifiable evidence
• Prepare structured security reports (impact, likelihood, remediation)
• Map findings to OWASP, CWE, CVE, MITRE ATT&CK
• Retest fixes and confirm remediation
• Maintain attack paths, PoCs, and documentation
• Contribute to improving internal security playbooks

Requirements

• Solid understanding of TCP/IP, DNS, HTTP/S, TLS
• Knowledge of OWASP Top 10 (Web & API)
• Practical understanding of common attack vectors (Injection, XSS, SSRF, Access Control, Auth flaws, etc.)
• Experience with tools like Burp Suite, Nmap, Metasploit, SQLmap, ffuf
• Familiarity with Linux & Windows environments
• Basic scripting skills (Python, Bash, PowerShell)
• Ability to clearly document findings
• Good operational discipline and attention to detail

Nice to have:

• Cloud exposure (AWS, Azure, GCP)
• CTF participation or personal labs
• Entry-level certifications (eJPT, PNPT, Security+, CEH)

What’s Offered

• Competitive salary + annual bonus
• Twice-yearly salary review
• 25 days annual leave
• Hybrid model (3 office / 2 remote)
• Premium health insurance
• Professional development and security-focused projects
• Modern office and collaborative culture

All applications will be treated as strictly confidential.

Only short-listed candidates will be contacted.

[GV]