Our team of pentesters is seeking a pentester to join us and help secure a few hundred additional applications.
As a
Pentester at Software Secured, you will have the opportunity to help our clients secure their mission-critical applications. This includes performing security code review, web, mobile, and network security tests. Help clients with security design reviews, threat modelling, and remediation strategies.
What You'll Do- Run manual penetration tests across web applications, APIs, mobile apps, and network infrastructure - from scoping through testing, reporting, client readout, and retest
- Produce findings that are manually confirmed and exploitable, with remediation guidance a developer can act on without a follow-up call
- Handle nuanced test cases beyond the standard checklist: business logic flaws, authorization edge cases, vulnerability chaining, and environment-specific attack paths
- Present findings directly to client engineering teams and security leads - explaining what was found, why it matters, and how to fix it
- Contribute to security design reviews and threat modelling engagements earlier in the SDLC
- Mentor junior testers on test execution and report quality; contribute to methodology improvements, tooling, and internal playbooks
- Develop domain depth in one or more service areas (web, network, mobile, code review) through our Domain Expertise Program - with formal recognition and stipend for engineers who build expertise that makes the whole team stronger
What We're Looking For- 2+ years of hands-on manual penetration testing - not scanner-assisted, manual
- Demonstrated ability to run standard engagements end-to-end with minimal oversight: scope, test, report, readout, retest
- Finds that go beyond OWASP Top 10 basics - business logic issues, complex auth flaws, chained vulnerabilities
- Reports that are client-ready with low rework: technically accurate, clearly written, correctly risk-rated
- Software development background in one or more of Python, .NET, Ruby, or Java - you understand how the thing was built, not just how to break it
- Strong communication skills in both directions: writing that doesn't require a translator and calls where you can hold your own in front of an engineering team
- Located in Canada and eligible to work (citizen, permanent resident, or valid work visa)
Nice to Have- OSCP, OSCP+, or GWAPT
- Experience across multiple service areas (web + mobile, or web + network)
- Familiarity with compliance frameworks that drive our clients' security programs: SOC 2, ISO 27001, PCI DSS, HIPAA
What we are offering: ๐ค Competitive base salary
๐ Work remotely anywhere in Canada (you're welcome to work in the Ottawa office when you'd like the option).
Work remotely from anywhere in the world for up to 2 months per year.
Yearly profit-sharing between 5 - 12% of your base salary, based on your performance.
Perks such as: monthly UberEats budget, annual home office stipend.
3 weeks of vacation to start. Additionally, the whole company is off for the week between Christmas and the New Year.
Parental, bereavement and child loss leave.
You will receive a great health benefits package (includes dental, vision, practitioners, etc.).