3+ years of experience in product security (combination of web, mobile, API, cloud, infrastructure and container security) or equivalent skillset. Experience with penetration testing is required. Prior participation in bug bounty programs is a big plus.
Familiarity with various hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark).
Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities. Proficiency in assessing web applications for common vulnerabilities like SQL injection, XSS, CSRF, and more.
Proficiency in exploiting vulnerabilities to gain unauthorized access and assess the impact of attacks, and an understanding of vulnerability scoring systems (e.g., CVSS) to prioritize findings.
Ability to think creatively and analytically to identify and exploit vulnerabilities. Effective problem-solving skills when encountering unexpected challenges during testing.
Integrity, professionalism, and the ability to work under pressure and maintain confidentiality.