Penetration Tester – Application Security

About the role

Red Valley is expanding its Cyber Security team and seeks a skilled Penetration Tester to support a large fintech environment. You will focus on security validation of web, mobile, and API applications within a complex production ecosystem.

Key responsibilities

• Conduct application security assessments for web, mobile, and API systems.
• Perform business‑logic testing and advanced vulnerability validation.
• Review authentication, authorization, and session‑management mechanisms.
• Validate remediation fixes and carry out post‑remediation verification.
• Produce structured technical reports and clearly communicate findings.
• Support security assurance activities aligned with OWASP and industry standards.

Required profile

• 3+ years of experience in application security or penetration testing.
• Strong knowledge of web, API, and mobile security testing methodologies.
• Familiarity with OWASP Top 10, OWASP API Security Top 10, and OWASP MASVS.
• Experience with professional testing tools such as Burp Suite and mobile testing frameworks.
• Ability to analyse complex authentication flows, business‑logic vulnerabilities, and access‑control issues.
• Excellent documentation and reporting skills.

Required skills

• Burp Suite
• Mobile testing frameworks
• OWASP Top 10
• OWASP API Security Top 10
• OWASP MASVS