Penetration Testing Security Analyst – Mobile and Web Applications

Unleash cybersecurity excellence — pioneer the future of secure digital innovation. Krakow-based opportunity with hybrid work model As a Penetration Testing Security Analyst – Mobile and Web Applications, you will be working for our client, a leader in the financial sector dedicated to safeguarding digital assets and elevating cybersecurity standards. Your expertise will directly contribute to identifying vulnerabilities, strengthening defenses, and driving continuous improvement within the Bug Bounty Program — shaping resilient financial solutions and fostering trust. Your main responsibilities: Analyze, assess, and respond to security vulnerabilities received through the Bug Bounty Program Research and reproduce identified security issues to understand root causes Perform root cause analysis and recommend effective remediation strategies Communicate findings clearly and effectively with internal teams and external security researchers Collaborate with stakeholders to understand risks and oversee remediation progress Drive enhancements in tooling, automation, and process setup to improve program efficiency Continuously improve the quality and maturity of the Bug Bounty Program aligned with cybersecurity strategy Advise on vulnerability remediation, control implementation, and secure development practices You're ideal for this role if you have: At least 4 years of hands-on experience in penetration testing Proven participation in Bug Bounty Programs is a plus Strong understanding of platform security models for iOS and Android Deep knowledge of security risks and common vulnerabilities in mobile and web applications, especially in financial contexts Practical skills in penetration testing across infrastructure, web, and mobile technologies, utilizing manual and automated methods Excellent TCP/IP security understanding Web application testing expertise Proven programming and scripting skills Ability to communicate complex security concepts to both technical and non-technical audiences Critical thinking and problem-solving capabilities in complex technical scenarios Independence and entrepreneurial attitude to excel in loosely defined or evolving environments Expertise in at least one pen testing domain (infrastructure, apps, mobile) It is a strong plus if you have: Certifications in cybersecurity or penetration testing Knowledge of cryptography application in secure development Language Required for the role: Fluent English (both written and verbal) for all formal communication