Security Auditor
Ackcent Cybersecurity is seeking a skilled Pentester to join our Red Team in Pamplona, Spain. You will focus on Web Security Audits and SAST, identifying vulnerabilities through penetration testing and code analysis.
- Perform high-quality security audits and penetration tests.
- Execute Static Application Security Testing to identify vulnerabilities.
- Create clear deliverables and present findings to stakeholders.
- Propose and develop internal scripts to improve auditing efficiency.
Tech stack: SAST tools (Checkmarx, Fortify, etc.)
Job description
At Ackcent Cybersecurity, we share a common goal: protecting our customers' assets from cyber threats through high-quality service and transparent communication.
We are looking for a professional who is not only a skilled pentester but also has a strong programming background. In this role, you will work within our Red Team (RT), specializing in Web Security Audits and SAST (Static Application Security Testing). You will be responsible for identifying vulnerabilities from the outside-in (Pentesting) and the inside-out (Code Analysis), helping our clients build more resilient applications.
Responsibilities
- Web & Infrastructure Pentesting: Perform high-quality security audits, penetration tests, and vulnerability assessments on web applications and environments.
- SAST & Code Review: Execute Static Application Security Testing (SAST) to identify logical and security flaws within the source code. If you aren't an expert in specific SAST tools yet, we will provide the training, but a strong ability to read and understand code is essential.
- Technical Documentation: Create clear deliverables and "attack paths." Present findings and security recommendations effectively to both technical teams and stakeholders.
- Tool Development: Propose and develop internal scripts or tools to improve the team's auditing efficiency and automation.
- Client Collaboration: Act as a technical bridge, ensuring the quality of the service and responding to client requirements with a focus on problem-solving.
Requirements
The ideal candidate has 2+ years of experience in Web Pentesting, strong programming skills, and familiarity with OWASP methodology. We offer a collaborative workplace that values continuous learning and integrity.
- 2+ years of experience in Web Pentesting or Red Team environments.
- Ability to read and understand programming languages like Python and JavaScript.
- Fluency in English (B2 level or higher).
Experience in Web Pentesting; Programming Skills (Python, JavaScript, etc.); Technical Expertise in OWASP methodology; Problem-solving ability; English fluency (B2 level); Degree in Computer Science or equivalent
- Experience: 2+ years of experience in Web Pentesting or Red Team environments.
- Programming Skills: Proficiency in reading and understanding code (e.g., Python, JavaScript, Java, .NET, or PHP). Comfortable auditing logic within a codebase.
- Technical Expertise: Understanding and knowledge of OWASP methodology.
- Proven experience identifying and exploiting web application vulnerabilities.
- Knowledge of Linux/Windows OS and network fundamentals.
- Languages: English fluency (B2 level or higher).
- Soft Skills: Ability to explain complex technical concepts to non-technical people. Humility is key.
Ideal Qualifications
- Certifications: OSCP, eWPTX, OSWE, CRTO, etc.
- SAST Experience: Familiarity with tools like Checkmarx, Fortify, SonarQube, or Snyk.
- Education: Degree in Computer Science, Telecommunications, or equivalent experience/self-taught background.
Who You Are
We value humility and a collaborative spirit. We are looking for someone who isn't afraid to ask "why" or "how," who stays current with ethical hacking best practices, and who enjoys working in a highly collaborative environment. If you love breaking things but are even more passionate about understanding how they are built, we want to meet you.