Job description

Penetration Tester

We are looking for an experienced Penetration Tester to join our global Bug Bounty Program team. In this role, you will handle the day-to-day operations of the program, acting as the key escalation point for reported vulnerabilities.

You will work closely with internal stakeholders and external researchers to validate findings, assess risks, and ensure effective remediation. This is a hands-on role that also supports continuous improvement of tooling, automation, and overall program maturity.

Work model: Hybrid – 6 days per month from the office in Cracow/ Warsaw, Poland.

Responsibilities

• Analyze, reproduce, and assess reported security vulnerabilities

• Perform root cause analysis and monitor remediation progress

• Collaborate with internal teams to communicate risks and coordinate fixes

• Engage with external researchers participating in the Bug Bounty Program

• Improve processes, tools, and workflows to scale the program

• Advise on secure development practices and vulnerability mitigation

• Help drive strategic improvements aligned with cybersecurity goals

Required Skills & Experience

• 4+ years of hands-on experience in penetration testing

• Strong communication skills in English (written and verbal)

• Expertise in at least one domain: infrastructure, web, or mobile testing

• Excellent knowledge of TCP/IP and common security vulnerabilities

• Experience with both manual and automated testing methods

• Familiarity with iOS and Android security models

• Scripting or programming proficiency

• Solid understanding of cryptographic principles in software

• Strong analytical and problem-solving skills

Preferred Qualifications

• Experience with Bug Bounty Programs

• Familiarity with OWASP MASVS/MSTG frameworks

• Knowledge of SAST, DAST, and IAST tools

• Code review skills (Java, Kotlin, Swift, Objective-C)

• Understanding of secure SDLC and DevOps pipelines

• Experience with enterprise applications and cloud environments

• Reverse engineering or mobile app disassembly skills

• Relevant certifications (e.g. OSCP, GPEN, CEH) are welcome but not required.

To learn more about Antal, please visit www.antal.pl