About the project

• As a Cybersecurity Test Analyst, you will be working for our client, a globally recognized financial services provider committed to strengthening its cybersecurity posture. You are contributing to a dynamic and rapidly evolving Bug Bounty Program, where identifying, analyzing, and helping remediate security vulnerabilities is key. You are engaging with internal teams and external researchers, ensuring clear communication, prioritizing threat reports, and driving improvements in tooling, automation, and process design. You are playing a vital role in reducing risk, improving secure development practices, and aligning the program with the broader cybersecurity strategy.
• Kraków - based opportunity with hybrid work model (6 days/month in the office).

Your responsibilities

• Analyzing and prioritizing security vulnerability reports from the Bug Bounty Program
• Reproducing and validating reported vulnerabilities to confirm impact
• Performing root cause analysis to support effective remediation
• Communicating with internal technical and non-technical stakeholders
• Engaging with external security researchers on reported findings
• Advising teams on secure development practices and remediation strategies
• Collaborating across departments to track and monitor resolution of findings
• Driving improvements in tooling, automation, and workflow efficiency
• Supporting the maturity and scalability of the Bug Bounty Program
• Documenting and maintaining records of findings and actions taken

Our requirements

• At least 4 years of hands-on experience in penetration testing
• Strong understanding of web, mobile, and infrastructure security testing
• Excellent communication skills in English, both written and verbal
• Proven programming or scripting experience in one or more languages
• Critical thinking skills and ability to articulate risks clearly
• Deep knowledge of TCP/IP and security implications of networking
• Familiarity with dynamic and static application security testing tools
• Understanding of software development lifecycles and DevOps environments
• Subject matter expertise in at least one pentesting domain
• Demonstrated ability to work independently and solve complex problems

Optional

• Previous participation in Bug Bounty Programs
• Experience with OWASP MASVS, MSTG, and mobile app security standards
• Security testing or development experience with iOS and Android platforms
• Knowledge of secure authentication mechanisms such as JWT, SAML, OAuth2
• Familiarity with security tools like SAST, DAST, and IAST
• Experience performing security code reviews in Java, Kotlin, Swift, or Objective C
• Background in enterprise cloud-hosted application testing
• Prior experience with mobile app reverse engineering or disassembly
• Practical knowledge of platform security models for iOS and Android
• Understanding of secure application design and cryptographic implementations

Technologies we use

What we offer

• Stable and long-term cooperation with very good conditions

• Enhance your skills and develop your expertise in the financial industry

• Work on the most strategic projects available in the market

• Define your career roadmap and develop yourself in the best and fastest possible way by delivering strategic projects for different clients of ITDS over several years

• Participate in Social Events, training, and work in an international environment

• Access to attractive Medical Package

• Access to Multisport Program

• Access to Pluralsight

• Flexible hours & remote work