Application Security Engineer - Pentester

2 months, 2 weeks ago
Full-time
Senior
Cybersecurity
Veeam Software

Veeam Software is the global leader in Backup that delivers Modern Data Protection, offering solutions for virtual environments, enterprises, small businesses, and service providers worldwide.

Internet Software & Services
1K-5K
Founded 2006
$500M raised

Description

  • Own offensive testing planning, depth, frequency, and reporting for assigned products and services.
  • Perform manual penetration testing of web applications and APIs, with emphasis on authentication, authorization, multi-tenant boundaries, and critical workflows.
  • Use Burp Suite to validate, reproduce, and automate testing workflows and authenticated flows.
  • Run, tune, and scale authenticated DAST scans while reducing false positives and coordinating with CI/platform teams.
  • Deliver clear findings, proofs of concept, and remediation guidance, then partner with engineers to retest and close issues.
  • Track findings with appropriate severity levels and remediation SLAs.
  • Improve testing tools, repeatability, and playbooks to make offensive testing more consistent.
  • Help prevent recurring vulnerabilities through standards, libraries, platform controls, and input to threat modeling and design reviews.

Requirements

  • Strong web and API penetration testing experience.
  • Practical exploitation experience with authorization issues such as IDOR/BOLA, privilege escalation, and role or tenant boundary testing.
  • Experience with authentication and session flows, including tokens and identity integrations.
  • Knowledge of common web vulnerabilities such as injection, SSRF, deserialization, and misconfigurations.
  • Advanced Burp Suite skills, including manual validation, targeted fuzzing, authenticated testing, extensions, and macros.
  • Experience writing Semgrep rules to detect insecure patterns.
  • DAST experience at scale, including authenticated scans, coverage tuning, and false-positive reduction.
  • Clear written communication skills for concise PoCs and actionable remediation guidance.
  • Bonus: SaaS multi-tenant security testing experience, OAuth2/OIDC/SAML depth, bug bounty triage, and custom tooling or Burp extensions.
  • Remote work is only possible for candidates located in the Czech Republic.

Benefits

  • 25 vacation days, 4 sick days, 21 paid medical leave days, plus 4 extra global VeeaMe Days for self-care.
  • 24 paid volunteer hours annually through Veeam Cares.
  • Premium private medical insurance for employees and dependents.
  • Daily meal vouchers worth 180 CZK per working day.
  • Flexible cafeteria platform with many lifestyle benefit options.
  • Multisport Card for gym and wellness, with family add-on options.
  • Annual public transport reimbursement up to a set limit.
  • Corporate mobile plan with optional family tariff.
  • Learning and development opportunities through LinkedIn Learning, O’Reilly, mentoring, workshops, and learning events.


