We are seeking a highly motivated and technically proficient Senior Penetration Tester to join our security research division. This role is dedicated to performing advanced offensive security assessments against the biggest companies in the world

You need to be independent, attentive to details, organized, eager to learn new things, and like to research and solve problems

What you’ll do:

• Lead and execute comprehensive, technically rigorous penetration tests targeting complex web applications, modern API architectures, and enterprise systems for organizations with significant global presence.
• Engage in sophisticated Red Team projects, including the identification of undisclosed API endpoints, development of novel bypass techniques for established security controls, and lateral movement within target environments.
• Contribute substantively to the design, development, and maintenance of proprietary internal security tools and automation frameworks to enhance the efficacy and efficiency of offensive operations.

• Minimum of 3 years of proven, hands-on experience in application security analysis, with a heavy emphasis on complex API penetration testing and a mastery of the OWASP Top 10 landscape.
• Proficiency in developing and automating tasks using at least one language like Python, JavaScript, or GoLang.
• Strong experience with static and dynamic analysis of Android and iOS applications, including hands-on experience with techniques like detours, hooking, and runtime code manipulation
• Deep, hands-on knowledge of the latest tactics, techniques, and procedures (TTPs) used in advanced penetration testing and network analysis.
• Ability to author comprehensive and technically rigorous reports detailing identified vulnerabilities and research outcomes.

Nice to have:

• OSCP, OSWE, eWPTXv2, CRTP, or other high-level offensive certifications.
• Hands-on experience with industry-standard reversing tools like JADX, Ghidra, or IDA Pro.
• Demonstrated online achievements, write-ups, or contributions on platforms such as HackTheBox, Pwn2Own, TryHackMe, Bug Bounty programs, or published security research.

ActiveFence is the leading provider of security and safety solutions for online experiences, safeguarding more than 3 billion users, top foundation models, and the world’s largest enterprises and tech platforms every day.

As a trusted ally to major technology firms and Fortune 500 brands that build user-generated and GenAI products, ActiveFence empowers security, AI, and policy teams with low-latency Real-Time Guardrails and a continuous Red Teaming program that pressure-tests systems with adversarial prompts and emerging threat techniques. Powered by deep threat intelligence, unmatched harmful-content detection, and coverage of 117+ languages, ActiveFence enables organizations to deliver engaging and trustworthy experiences at global scale while operating safely and responsibly across all threat landscapes.