Junior Offensive Security Consultant

About the role

We are looking for a Junior Offensive Security Consultant to join our security team and perform hands‑on web application and API penetration testing. The role focuses on authorized testing, vulnerability validation, evidence collection and remediation verification, working under senior security professionals.

Key responsibilities

• Execute web application and API penetration tests, including mapping, scope definition, testing, evidence collection and retesting.
• Assess authentication, authorization, session management, access controls, input validation, JWT/token handling, and business logic.
• Validate vulnerabilities such as IDOR/BOLA, broken access control, injection flaws, SSRF, privilege escalation and misconfigurations.
• Document findings with clear technical reports, remediation guidance and retest observations.
• Collaborate with developers, security leads and stakeholders to support remediation efforts while adhering to scope and ethical testing rules.

Required profile

• 1–3 years of hands‑on experience in web application security, API security, vulnerability assessment or penetration testing.
• Bachelor’s degree in Cybersecurity, Computer Science or related field (or equivalent practical experience).
• Relevant certifications such as eJPT, PJPT, PNPT, CEH, OSCP or similar.
• Strong documentation and communication skills.

Required skills

• Proficiency with Burp Suite, OWASP ZAP, Postman, Nmap, Nuclei, ffuf, sqlmap, dirsearch and Linux‑based security tools.
• Deep understanding of HTTP, REST APIs, authentication, authorization, sessions, cookies, JWTs and role‑based access control.
• Knowledge of OWASP WSTG, OWASP Top 10 and OWASP API Security Top 10.
• Familiarity with Python, Bash, JavaScript or SQL (preferred).
• Awareness of CVSS, CWE, MITRE ATT&CK and remediation tracking processes.