Penetration Tester

Software Secured

โ€ข $80K โ€” $100K *
US-AnywhereRemote in Ottawa, ON
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 2+ years of hands-on manual penetration testing experience
  • Proven ability to manage end-to-end security engagements with minimal oversight
  • Experience identifying complex security issues beyond OWASP Top 10
  • Ability to produce client-ready, technically accurate reports with minimal rework
  • Background in software development, particularly in Python, .NET, Ruby, or Java
  • Strong communication skills for engaging with technical teams
  • Eligibility to work in Canada (citizen, permanent resident, or valid work visa)

Responsibilities

  • Conduct manual penetration tests on web applications, APIs, mobile apps, and network infrastructure
  • Deliver confirmed and exploitable findings with actionable remediation guidance
  • Address complex test cases like business logic flaws and vulnerability chaining
  • Present findings directly to client engineering teams, ensuring clarity and comprehension
  • Engage in security design reviews and threat modeling in early SDLC phases
  • Mentor junior testers and contribute to methodology improvements
  • Develop expertise in specific service areas and receive formal recognition and stipend

Benefits

  • Remote work opportunities anywhere in Canada, with an option for global remote work for 2 months per year
  • Yearly profit-sharing of 5 - 12% based on performance
  • Monthly budget for UberEats and annual home office stipend
  • 3 weeks of vacation plus additional leave during the holiday season
  • Comprehensive health benefits package including dental and vision
  • Parental, bereavement, and child loss leave
Full Job Description
Our team of pentesters is seeking a pentester to join us and help secure a few hundred additional applications.

As a Pentester at Software Secured, you will have the opportunity to help our clients secure their mission-critical applications. This includes performing security code review, web, mobile, and network security tests. Help clients with security design reviews, threat modelling, and remediation strategies.

What You'll Do
  • Run manual penetration tests across web applications, APIs, mobile apps, and network infrastructure - from scoping through testing, reporting, client readout, and retest
  • Produce findings that are manually confirmed and exploitable, with remediation guidance a developer can act on without a follow-up call
  • Handle nuanced test cases beyond the standard checklist: business logic flaws, authorization edge cases, vulnerability chaining, and environment-specific attack paths
  • Present findings directly to client engineering teams and security leads - explaining what was found, why it matters, and how to fix it
  • Contribute to security design reviews and threat modelling engagements earlier in the SDLC
  • Mentor junior testers on test execution and report quality; contribute to methodology improvements, tooling, and internal playbooks
  • Develop domain depth in one or more service areas (web, network, mobile, code review) through our Domain Expertise Program - with formal recognition and stipend for engineers who build expertise that makes the whole team stronger


What We're Looking For
  • 2+ years of hands-on manual penetration testing - not scanner-assisted, manual
  • Demonstrated ability to run standard engagements end-to-end with minimal oversight: scope, test, report, readout, retest
  • Finds that go beyond OWASP Top 10 basics - business logic issues, complex auth flaws, chained vulnerabilities
  • Reports that are client-ready with low rework: technically accurate, clearly written, correctly risk-rated
  • Software development background in one or more of Python, .NET, Ruby, or Java - you understand how the thing was built, not just how to break it
  • Strong communication skills in both directions: writing that doesn't require a translator and calls where you can hold your own in front of an engineering team
  • Located in Canada and eligible to work (citizen, permanent resident, or valid work visa)


Nice to Have
  • OSCP, OSCP+, or GWAPT
  • Experience across multiple service areas (web + mobile, or web + network)
  • Familiarity with compliance frameworks that drive our clients' security programs: SOC 2, ISO 27001, PCI DSS, HIPAA


What we are offering:

๐Ÿค‘ Competitive base salary

๐Ÿ Work remotely anywhere in Canada (you're welcome to work in the Ottawa office when you'd like the option).

Work remotely from anywhere in the world for up to 2 months per year.

Yearly profit-sharing between 5 - 12% of your base salary, based on your performance.

Perks such as: monthly UberEats budget, annual home office stipend.

3 weeks of vacation to start. Additionally, the whole company is off for the week between Christmas and the New Year.

Parental, bereavement and child loss leave.

You will receive a great health benefits package (includes dental, vision, practitioners, etc.).

Similar Jobs

More Jobs at Software Secured

  • Penetration Tester
    $70K โ€” $95K *
    Ottawa, ON K1G 3J6
    Information Technology
    In-Person
  • Penetration Tester
    $80K โ€” $100K *
    Remote
    Information Technology
    Remote in Ottawa, ON

More Information Technology Jobs

Find similar Penetration Tester jobs: