Security Engineer - Penetration Tester (Red Team)
Indexed description
You'll be conducting regular security assessments across our core products:
- Jubelio Omnichannel — multi-tenant e-commerce platform
- Jubelio Store — storefront product
- Jubelio Shipment — logistics and courier integration layer
- Jubelio Chat — AI-powered merchant chatbot (includes LLM components)
- Jubelio POS — point of sale system
Job Description
- Plan and execute routine penetration tests across all Jubelio products — web, API, and mobile surfaces
- Identify vulnerabilities, document findings, and work with engineering teams to validate and remediate
- Develop and maintain a structured pentest schedule and methodology across product lines
- Perform threat modeling to prioritize attack surfaces that matter most for our business context
- Produce clear, actionable pentest reports for both technical and non-technical audiences
- Work with the Head of Engineering to define the security roadmap, team structure, and hiring plan as the team grows
- Establish security standards, tooling, and processes that will serve as the foundation for the team
- Min 2-4 years experience in Red Team / Penetration tester, security engineer, or other related positions.
- Solid hands-on penetration testing experience across web applications and APIs (OWASP Top 10 and beyond)
- Strong understanding of authentication and authorization flaws, particularly in multi-tenant SaaS architectures
- Experience with common pentest tooling — Burp Suite, Metasploit, Nmap, nuclei, or equivalent
- Able to read and understand code to identify vulnerabilities (gray-box / white-box testing)
- Familiar with cloud infrastructure attack surfaces (misconfigured storage, IAM, exposed services)
- Experience writing structured pentest reports that engineers can actually act on
- Strong communication skills — you'll be bridging security findings with product and engineering teams regularly
- Experience testing LLM-integrated products or AI chatbot surfaces (prompt injection, data leakage)
- Familiarity with e-commerce or fintech threat landscapes
- Relevant certifications: OSCP, CEH, eWPT, or equivalent
- Prior experience building or leading a security practice
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search