As part of the Security team, you will work closely with product and engineering teams to ensure the security of web and desktop applications. You will take ownership of security assessments, contribute to secure development practices, and help drive security maturity across the organization.

Role and Responsibilities

- Perform penetration testing and security assessments of:
  - Web applications and APIs
  - Desktop (thick client) applications
- Identify vulnerabilities and clearly communicate risks and impact.
- Produce high-quality security reports with:
  - clear reproduction steps
  - realistic impact assessment
  - practical remediation guidance
- Work closely with developers and product teams to:
  - explain vulnerabilities
  - support remediation
  - validate fixes
- Improve internal security processes, tools, and methodologies.
- Participate in secure coding trainings and knowledge sharing.

Required Technical and Professional Expertise

- 3+ years of hands-on experience in application security / penetration testing.
- Strong practical experience in:
  - Web application security testing (OWASP WSTG, ASVS or equivalent)
  - API security (auth flows, business logic, abuse cases)
- Understanding of desktop application security basics, including:
  - Local storage / ACLs / secrets handling
  - Reverse engineering basics (static/dynamic analysis)
  - Common issues (hardcoded secrets, insecure IPC, weak crypto usage)
- Solid understanding of:
  - Common vulnerability classes and their root causes
  - Client-server interaction models
  - Network communication protocols
  - Modern web technologies
  - Authentication mechanisms
  - Secure Software Development Lifecycle
- Foundational knowledge of AI security:
  - Understanding of the OWASP Top 10 for LLM Applications (e.g., Prompt Injection, Sensitive Data Disclosure, Insecure Output Handling)
  - Proficiency in using LLMs and AI-powered tools to accelerate vulnerability analysis, deobfuscate code, and automate the creation of custom security tools or exploit scripts
  - Prompt engineering: ability to craft and refine complex prompts for deep-dive code analysis (SAST) and for generating context-aware test cases for business logic flaws
- Hands-on experience with tools such as:
  - Burp Suite (advanced usage)
  - Proxies, fuzzers, scanners
  - SAST / DAST tools
  - Sysinternals Suite (ProcMon, SigCheck, etc.)
  - Reverse engineering tools (Ghidra, jadx, dnSpy), at least at a basic level
  - AI productivity tools: AI-assisted coding environments (e.g., GitHub Copilot, Cursor, or Claude Code) to streamline security auditing and remediation workflows
- Strong communication skills:
  - Ability to explain security issues to engineers
  - Clear and structured reporting in English
- Ability to work independently and take ownership.

Nice to Have

- Experience in bug bounty, public vulnerability disclosures or CTF competitions.
- Development background (ability to read and understand production code).
- Experience with cloud environments, CI/CD and DevSecOps practices.
- Experience in threat modeling and architecture reviews.
- Familiarity with privacy and compliance frameworks (GDPR, ISO 27001, SOC 2, etc.).
- Relevant certifications such as CEH, BSCP, eWPT, OSCP, etc.