Senior Pentester

Senior PentesterMiejsce pracy: WrocławTechnologies we useExpectedNetworkingLinuxPythonKerberosOAuth2SAMLJWTKubernetesCI/CDAbout the projectAs a Senior Pentester you will become a key member of our growing Cybersecurity team responsible for an international project (French customer) and operating within a Zero Trust Security model. We’re counting not only on your technical expertise but also on your ability to cooperate with others, with particular attention to knowledge sharing and mentoring junior team members.Cooperation is based on a Contract of Employment and a hybrid work model (2 days per week in our Wrocław office).Your responsibilitiesPlan and lead tests from start to finish: scope, Statement of Work, rules of engagement, and legal/risk checksConduct technical audits (including PenTesting & configuration audits) on various scopes of differing complexityIdentify and combine weaknesses to demonstrate real impact, always safely and within scopeFacilitate workshops to develop Red Team philosophy & contribute to promoting Purple Team while considering Blue Team maturityWrite clear reports with evidence, risk ratings (e.g., CVSS), business impact, and practical fixes; present results to technical and non-technical audiencesAgree on priorities with owners, advise on fixes and compensating controls, plan and perform retestsImprove methods and tools: keep playbooks up to date, write scripts/PoCs, maintain lab environments, and share researchTeach and support junior testers: 1:1s, pair testing, guided labs, internal trainings; review their work; assist with hiring and onboardingShare knowledge with the team and community: tech talks, write-ups, lessons learned; publish blogs or talks; contribute to open sourceWork with stakeholders: run briefings/workshops and translate technical risks into business languageSupport presales: scope proposals, estimate effort, write SoWs, and participate in client meetingsFollow ethics and standards (PTES, OWASP, NIST, ISO, PCI DSS) and protect sensitive dataOur requirements5+ years of hands-on penetration testing across multiple areas; experience leading projects and mentoring others (2+ years)Strong knowledge of networking (TCP/IP, DNS, routing), Linux, and web technologies (HTTP(S), TLS, REST/GraphQL)Good understanding of identity and authentication: Kerberos/NTLM, OAuth2/OIDC, SAML, JWT; AD/Entra ID and common IdPs (e.g., Okta/Azure AD)Advanced exploitation skills: validate findings, build simple PoCs, chain issues, escalate privileges, move laterally, and maintain strong OPSECSolid Cloud and container security experience: IAM, segmentation, serverless, secrets, supply chain, Kubernetes (RBAC/admission), and CI/CD attack pathsKnowledge of tools: Burp Suite Pro, Nmap, Wireshark, Metasploit; cloud CLIs; and C2 frameworks (e.g., Cobalt Strike, Sliver) when permittedScripting/programming: Python and at least one of: PowerShell/Bash/Go; Git; ability to automate and build safe custom toolingAbility to apply and adapt methods and frameworks as needed: PTES, OWASP Testing Guide, NIST SP 800-115; map work to MITRE ATT&CK; basic threat modelingClear communication: concise writing, effective presentations, and risk prioritization linked to business impactFluency in both Polish and English (at least B2)OptionalCertifications: CEH, CISSP, OSCP, GPEN/GXPN/GMOB, CRTO, CCSK/CCSPDeeper experience with Red Teaming, detection engineering, and telemetry tuningReverse engineering and exploit development (e.g., Ghidra/IDA) or fuzzingAdvanced mobile testing (e.g., Frida/Objection, instrumentation)Open-source contributions, research/CVEs, conference talks, or a strong bug bounty recordExperience with compliance/risk frameworks (PCI DSS, ISO 27001/SOC 2, NIST CSF) and measurement (KPIs/OKRs)Knowledge of the French languageWhat we offerStable employment based on an employment contractHybrid work model (2 days from the office / 3 days from home)Pension program – after 6 months of employment, Orange will contribute 7% of your gross salary each month to your retirement accountPrivate medical care with PZU ZdrowieInterest-free loans for housing, health, and other purposesSubsidy for vacationFitProfit sports cardIntegration events and trips co-financed from the social fundOption to join group insurance on preferential termsSmartphone with unlimited Internet – also for private usePreferential offer for Orange servicesDiverse and tailored development opportunities – training, access to educational platforms (including language learning platforms), internal internship programs, and inspiring educational events“Health YES” – a program for people with disabilities“I’m in the game” – support for parents returning to work after parental leaveWellbeing programsVolunteering in cooperation with the Orange FoundationBenefitssharing the costs of sports activitiesprivate medical caresharing the costs of foreign language classeslife insurancecorporate products and services at discounted pricesintegration eventsmobile phone available for private useretirement pension planpreferential loansextra social benefitsholiday fundssharing the costs of holidays for kidsemployee referral programcharity initiativesfamily picnicsOrange PolskaFor years, Orange has proudly ranked among the world’s top ten employers. We are a trusted leader in telecommunications and IT services for businesses in Poland, combining our own research and development with cutting-edge solutions in IoT, ICT, and cybersecurity. By joining Orange, you’ll be part of an innovative environment where your work truly makes an impact — and where your dedication is recognized and rewarded.At Orange, inclusivity is at the heart of everything we do. Our recruitment process ensures equal opportunities for all candidates, regardless of gender, age, race, origin, religion, disability, sexual orientation, or any other legally protected characteristic, in full compliance with applicable law.Wszystkie informacje o przetwarzaniu danych osobowych w tej rekrutacji znajdziesz w formularzu aplikacyjnym, po kliknięciu w przycisk "Aplikuj Teraz".