Back to search
Big Stars Linkedin · Posted 22d ago

Senior Penetration Tester

Belgrade

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Big Stars is an end-to-end product engineering company based in Belgrade, Serbia. We create a space where people take initiative and go big.

We focus on:

- turning outdated systems into high-performing engines

- creating clean products that users actually love

- designing stable and secure environments

- building complex tech products


We invite a Senior Penetration Tester to join our team.


‼️ It's an office-based role – NO remote or hybrid options.‼️

We provide relocation support if your current location is different.


Responsibilities:

✔️ Lead end-to-end penetration testing engagements across web applications, APIs, mobile, internal and external networks and cloud (primarily AWS).

✔️ Run red-team and assumed-breach operations - initial access, privilege escalation, lateral movement, persistence, exfiltration - including against fraud and detection stacks. ✔️ Perform security reviews of cloud-native services, Kubernetes workloads, CI/CD pipelines, and microservices.

✔️ Discover and exploit vulnerabilities across real-money flows - payments, deposits and withdrawals, wallets, KYC / AML, bonus systems, and affiliate tracking.

✔️ Partner with product, engineering, AppSec, payments, and fraud teams to translate findings into concrete fixes and durable controls.

✔️ Develop custom tooling, scripts, and methodology where no out-of-the-box approach exists.

✔️ Build and validate declarative threat models and contribute to "secure by design" practice.

✔️ Mentor mid and junior testers, review their engagement plans and reports.

✔️ Track new CVEs, TTPs, MITRE ATT&CK updates, and regulator advisories - translate them into concrete changes here.

✔️ Support pre-sales scoping, effort estimation, and pre-certification engagements for new products and jurisdictions.

✔️ Serve as a trusted offensive-security advisor to product, engineering, and compliance teams.


Requirements:

✔️ Minimum 4 years of hands-on penetration testing or offensive-security experience.

✔️ Proven track record across at least three of: web / API, internal, external network, cloud (AWS / GCP), mobile (iOS / Android).

✔️ OSCP or an equivalent in-the-box certification.

✔️ Strong working knowledge of SAST/SCA/DAST tooling, AWS/GCP, MITRE ATT&CK, OWASP ASVS / WSTG, PTES.

✔️ Understanding of the data flow, MVC model.

✔️ Understanding of supply chain attacks.

✔️ Good reporting skills.

✔️ Comfortable scripting in Python plus Bash.

✔️ Knowledge at least one of major cloud provider's IAM model.

✔️ Experience pentesting cloud-native systems and Kubernetes environments, plus the CI/CD pipelines around them (GitLab, GitHub Actions, Jenkins) and IaC (Terraform, Helm, CloudFormation).

✔️ Strong written and verbal communication in English.

✔️ Experience balancing security and business demands under release pressure.

✔️ Familiarity with industry regulations, frameworks, and practices: PCI DSS, ISO 27001, NIST, GDPR.


PREFERRED QUALIFICATIONS:

✔️ One of offensive-security certifications: OSWE, OSEP, OSED, CRTO, BSCP, ARTE, GRTE.

✔️ In-depth experience architecting secure services on Kubernetes and AWS.

✔️ Prior iGaming, fintech, or payments domain experience.

✔️ Public CVEs, advisories, write-ups, conference talks.

✔️ HTB Pro Lab completions, real CTF placements.

✔️ Open-source contributions to offensive or defensive tooling.


We offer excellent benefits, including but not limited to:

🏝 24 vacation days annually.

🤒 6 sick days without a medical certificate.

🏥 Premium Health Insurance (coverage up to 5,000 EUR annually).

🎉 Special occasion gifts: birthday, wedding, newborn.

📚 Learning & Development budget (for conferences, courses and certifications).

🌍 Corporate events: international parties, team buildings, activities.

📈 Career growth opportunities in a fast-growing company.

✈️ Relocation package for international candidates.

🏋️ Sports package (FitPass membership).

🗣️ Language classes: Serbian & English (company-covered).

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent