Penetration Tester

Software Secured

$70K — $95K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 4+ years of penetration testing (application, mobile, or desktop) experience.
  • Strong software development skills in Python, .NET, Ruby, or Java.
  • OSCP or GWAPT certification is a plus.
  • Expert knowledge of OWASP Top 10 vulnerabilities.
  • Excellent verbal and written communication abilities.
  • Strong analytical and quantitative skills.
  • Candidates must be Canadian citizens, permanent residents, or work visa holders.

Responsibilities

  • Conduct security code reviews for various applications.
  • Perform web, mobile, and network security tests.
  • Assist in security design reviews for client applications.
  • Engage in threat modeling exercises.
  • Provide remediation strategies to clients for identified security issues.

Benefits

  • Remote work flexibility anywhere in Canada and up to 2 months internationally.
  • Profit-sharing bonuses of 7-12% of base salary based on performance.
  • Monthly UberEats budget for meals during work.
  • Annual stipend for home office expenses.
  • Three weeks of vacation with additional time off between Christmas and New Year.
  • Comprehensive health benefits package including dental and vision.
Full Job Description
Our team of pentesters is seeking a pentester to join us and help secure a few hundred additional applications.

As a Pentester at Software Secured, you will have the opportunity to help our clients secure their mission-critical applications. This includes performing security code review, web, mobile, and network security tests. Help clients with security design reviews, threat modelling, and remediation strategies.

What You'll Do
  • Run manual penetration tests across web applications, APIs, mobile apps, and network infrastructure - from scoping through testing, reporting, client readout, and retest
  • Produce findings that are manually confirmed and exploitable, with remediation guidance a developer can act on without a follow-up call
  • Handle nuanced test cases beyond the standard checklist: business logic flaws, authorization edge cases, vulnerability chaining, and environment-specific attack paths
  • Present findings directly to client engineering teams and security leads - explaining what was found, why it matters, and how to fix it
  • Contribute to security design reviews and threat modelling engagements earlier in the SDLC
  • Mentor junior testers on test execution and report quality; contribute to methodology improvements, tooling, and internal playbooks
  • Develop domain depth in one or more service areas (web, network, mobile, code review) through our Domain Expertise Program - with formal recognition and stipend for engineers who build expertise that makes the whole team stronger


What We're Looking For
  • 2+ years of hands-on manual penetration testing - not scanner-assisted, manual
  • Demonstrated ability to run standard engagements end-to-end with minimal oversight: scope, test, report, readout, retest
  • Finds that go beyond OWASP Top 10 basics - business logic issues, complex auth flaws, chained vulnerabilities
  • Reports that are client-ready with low rework: technically accurate, clearly written, correctly risk-rated
  • Software development background in one or more of Python, .NET, Ruby, or Java - you understand how the thing was built, not just how to break it
  • Strong communication skills in both directions: writing that doesn't require a translator and calls where you can hold your own in front of an engineering team
  • Located in Canada and eligible to work (citizen, permanent resident, or valid work visa)


Nice to Have
  • OSCP, OSCP+, or GWAPT
  • Experience across multiple service areas (web + mobile, or web + network)
  • Familiarity with compliance frameworks that drive our clients' security programs: SOC 2, ISO 27001, PCI DSS, HIPAA


What we are offering:

🤑 Competitive base salary

🍁 Work remotely anywhere in Canada (you're welcome to work in the Ottawa office when you'd like the option).

Work remotely from anywhere in the world for up to 2 months per year.

Yearly profit-sharing between 5 - 12% of your base salary, based on your performance.

Perks such as: monthly UberEats budget, annual home office stipend.

3 weeks of vacation to start. Additionally, the whole company is off for the week between Christmas and the New Year.

Parental, bereavement and child loss leave.

You will receive a great health benefits package (includes dental, vision, practitioners, etc.).

Similar Jobs

More Information Technology Jobs

Find similar Penetration Tester jobs: