Penetration Tester - Application / Mobile / API

Are you passionate about cybersecurity and ready to make an impact in a market-leading, customer-centric company? We are seeking a skilled Application Penetration Tester to join our dynamic team. In this role, you will play a critical part in safeguarding our e-commerce platform and other B2C/B2B web services by identifying vulnerabilities, conducting penetration tests, and collaborating with stakeholders to implement effective security measures.

Key Responsibilities
• Address and prioritize security vulnerabilities across web applications, APIs, mobile apps, networks, and cloud environments while coordinating mitigation efforts with relevant teams.
• Perform threat modeling, design reviews, and penetration testing to identify potential risks and security flaws in external-facing applications.
• Execute manual and automated security testing techniques (black-box, grey-box, white-box) to uncover weaknesses.
• Simulate real-world attack scenarios to evaluate the effectiveness of existing security controls.
• Identify and validate vulnerabilities such as injection flaws, authentication/authorization issues, misconfigurations, insecure deserialization, and business logic errors.
• Provide guidance to development teams on cybersecurity best practices and translate technical findings into actionable business insights.

Qualifications
• Bachelor's degree in IT or related field with a strong interest in Security.
• At least 1 year of experience in Web Application Security.
• Proficiency in identifying and addressing common vulnerabilities (e.g., OWASP Top 10).
• Hands-on experience with penetration testing tools like Burp Suite.
• Excellent communication skills in both English and Chinese (written and verbal).
• Ability to effectively communicate technical concepts to non-technical stakeholders and articulate security risks in business terms.