
Application Security Engineer / Penetration Tester

NIX is an IT outsourcing company with a multinational client portfolio, specializing in the US
market. Our customers are leaders of software development in domains such as healthcare,
consulting services, global manufacturing of personal computers, consumer electronics and
business solutions. The wide variety of our projects is impressive to say the least. Among the
technology stacks we use are: Java, Kubernetes, cloud providers, Node.js, Angular, Python,
Go, C#, and many others. We’ll challenge you to grow as a specialist and make you proud of
being part of our success.

As a part of the Security team, you’ll work with product development teams to ensure security of
web/mobile applications and services.

Role and Responsibilities:

● Perform web and mobile application vulnerability assessments and
penetration testing activities.
● Effectively communicate and coordinate with engineers, leads and
stakeholders to deliver quality and security to the product.
● Write client reports with your findings and recommendations using your
top-notch English writing skills and exceptional attention to detail.
● Provide support to product owners in fixing vulnerabilities.
● Triage SAST and DAST scan findings.
● Participate in the development of team processes.
● Train and educate developers and teams in secure coding techniques,
including use of supporting toolsets, and enable them to self-serve.
● Continuously develop professional knowledge and skills.
● English - Intermediate or higher

Required Technical and Professional Expertise:

● 3+ years of professional experience with web and mobile application security and
at least 1 year of ethical hacker/pentester experience.
● Strong knowledge of web and mobile security fundamentals
● Solid knowledge of testing methodologies (OWASP WSTG/MSTG or similar
application security methodologies)
● Strong understanding of the most critical security risks to web
applications (OWASP Top 10).
● Solid knowledge of the various vulnerability types, their root cause, exploitation
techniques and mitigation patterns
● Hands-on experience in finding and exploiting web vulnerabilities
● Hands-on experience in application security testing software and common
penetration testing tools (Kali Linux, Burp Suite, Metasploit, Nmap (NSE),
Acunetix, etc.)
● Knowledge of IT technologies (network protocols, Web, clouds, operating
systems, database systems)
● Basic knowledge of one or more multiplatform scripting languages (e.g. Python)
● Experience in software development practices and methodologies (SDLC)

Nice to Have:

● Programming/development experience.
● Knowledge of pipeline and CI/CD principles. Embed security across the CI/CD
roadmap (SSDLC)
● Understanding of and hands-on experience in cloud security (AWS/Azure).
● Experience in threat modeling activities.
● Bug bounty experience.
● Awareness of privacy and security regulations and compliance frameworks
● Relevant certifications such as OSCP, CEH, CompTIA PenTest+, etc.
● Ukrainian - Intermediate or higher

We are happy to offer:

● an environment full of comprehensive opportunities for personal growth;
● a friendly and supportive team of professionals;
● prospects for growth in a team with a 27-year history;
● support of your initiatives and advancement in personal growth in your position;
● improving your English;
● certification and participation in major industry conferences;
● flexible motivation viewing system.

If you feel you're ready to join this team, email your resume to jobs@nixstech.com or fill
out a resume form now, and put an online interview on your schedule at your
convenience. We're already looking forward to meeting you at:
viktor.nagy@nixstech.com
