Senior Penetration Engineer
We are looking for a new colleague, a Senior Penetration Engineer, who would like to make our products and services more secure by “attacking” them.
In this role, you will primarily focus on penetration testing of mobile applications, web applications, cloud services, APIs, networks, and systems. What makes this opportunity different is the chance to also work on security testing of embedded systems and connected devices. This will not be the majority of your work, but it will be an important and technically attractive part of the role - roughly one quarter of the overall scope, depending on current projects and your experience.
You may therefore find yourself testing not only applications and backend services, but also the way devices communicate with mobile apps, cloud platforms, update mechanisms, firmware, network interfaces, and other components of a real product ecosystem.
On that journey, you may face many challenges but also experience the satisfaction of finding and helping fix meaningful security issues. The landscape is constantly changing, so you will be encouraged to go through training, attend conferences, participate in our Hacking Fridays and CTFs, and continuously learn new things. Whatever challenges come your way, remember you are never alone.
JOB DUTIES:
- Advanced Penetration Testing: Perform in-depth penetration tests on mobile applications, web applications, APIs, cloud services, networks, and systems to uncover security weaknesses.
- Embedded and Connected Device Security: Contribute to security testing of embedded systems and connected devices, including areas such as firmware, device communication, update mechanisms, exposed interfaces, and device-to-cloud interaction.
- Project Ownership: Take ownership of more complex security projects, ensuring timely and high-quality deliverables.
- Tool Proficiency: Utilize advanced tools and methodologies for penetration testing, vulnerability assessment, mobile application testing, cloud security testing, and, where relevant, embedded system analysis.
- Reporting: Document findings and provide detailed reports with clear technical impact, reproducible evidence, and actionable recommendations.
- Collaboration: Work with team members and other departments to achieve common objectives and ensure the success of cross-functional projects.
- Compliance: Ensure all testing activities adhere to company policies and industry standards.
- Self-Development: Dedicate time during your working week to build your skills and prepare for relevant industry certifications, fully funded by ADI.
YOU MUST HAVE:
- Hands-on experience in cyber security, with a strong focus on penetration testing and vulnerability assessment.
- Practical knowledge of penetration testing tools and techniques for at least some of the following areas: web applications, APIs, mobile applications, cloud services, networks, or systems.
- The ability to analyze complex security problems, understand their real-world impact, and propose effective, practical solutions.
- A strong desire for continuous self-development, with the willingness to learn, adapt to new tools and technologies, and invest time in studying for relevant qualifications.
- Interest in expanding your security testing experience into embedded systems, connected devices, or product security.
- Business-level English is required.
WE VALUE:
- One or more advanced certifications such as OSCP, OSEP, OSWE, GWAPT, GMOB, or similar.
- Experience with mobile application security testing, cloud security testing, or API security testing.
- Experience or interest in embedded systems, IoT security, firmware analysis, Linux-based devices, network protocols, serial communication, hardware-facing debug interfaces, or device-to-cloud security.
- The ability to collaborate effectively with team members and cross-functional stakeholders to achieve shared goals.
- Fluency in Czech.
WHAT'S IN IT FOR YOU:
- Stable multinational company
- 5 weeks of holidays
- Possibility of working from home 2x per week.
- Private parking, good public transport links
- Pluxee leisure allowance of CZK 4,500/year
- Multisport card
- Meal allowance of CZK 80/day
- Contribution to life/pension insurance/DIP
- Discounted mobile phone tariff for family members
- Language courses
- Company events (Christmas party, team building)