Senior Penetration Tester
Posted: 4 days ago
Euro-Testing Software Solutions
Short company description
Euro-Testing Software Solutions is involved in software consulting, having experience of approx. 20 years on the market in Romania and abroad, through specific IT solutions and services offered in the following areas:
• Software Testing (manual testing, testing automation, performance testing, outsourcing, training and certification, etc.)
• Cyber Security
• DevOps/DevSecOps
• Implementation and Customization of Atlassian & OpenText products (MicroFocus) and other niche products/solutions
• AI based Decision Intelligence solutions.
Requirements
Technical Skills
Offensive Security and Vulnerability Research
• Expert-level web, API, and cloud penetration testing across common and advanced vulnerability classes.
• Strong capability in exploitability validation, proof-of-concept development, and attack-chain construction.
• Experience with authenticated testing, privilege escalation paths, and lateral movement analysis.
• Strong understanding of internet-facing attack surfaces and external attacker tradecraft.
AI-Assisted Bug Hunting
• Practical experience using LLM and agentic workflows for vulnerability discovery and analysis.
• Ability to tune prompts and workflows to improve signal quality and reduce false positives.
• Experience validating AI-generated findings and separating theoretical from exploitable issues.
• Familiarity with safe operation of AI testing in supervised mode and constrained scope.
Triage, Severity Calibration, and Prioritisation
• Strong hands-on triage capability: deduplication, confidence scoring, and evidence quality checks.
• Ability to calibrate severity using exploitability, exposure, required privilege, and business impact.
• Experience building prioritised remediation queues without creating operational bottlenecks.
• Ability to review and quality-assure LLM-generated findings, triage and validate exploitable risk, and provide structured feedback to engineers building the AI harness to continuously improve detection accuracy and workflow performance.
Remediation and Secure Engineering Collaboration
• Ability to translate findings into actionable fixes: secure refactoring, patching, and configuration hardening.
• Good understanding of dependency risk and upgrade strategy in enterprise environments.
• Experience defining compensating controls when immediate remediation is not feasible.
• Ability to partner with developers to accelerate closure of critical vulnerabilities.
Security Standards, Guardrails, and Assurance
• Experience defining testing guardrails: scope controls, blocked actions, approvals, and kill-switches.
• Ability to enforce full auditability (prompt logs, actions taken, evidence trail, decision rationale).
• Experience embedding lessons learned into secure coding standards and custom detection rules.
• Working knowledge of policy and standards updates and third-party security expectation setting.
Nice to Have
• Prior experience scaling offensive testing programmes in large, regulated organisations.
• Familiarity with internal context datasets and enterprise vulnerability workflows.
• Experience assessing open-source supplier risk in internet-facing application stacks.
Soft Skills
Ownership and Autonomy
• Operates independently across the end-to-end testing lifecycle: plan, execute, validate, report, and retest.
• Proactively identifies high-risk issues and drives remediation outcomes, not just findings output.
Communication and Collaboration
• Clear, concise communication to engineering, product, and cyber leadership audiences.
• Strong stakeholder management across central cyber security and divisional engineering teams.
• Produces high-quality technical evidence and executive-ready risk summaries.
Security Mindset and Pragmatism
• Strong adversarial mindset with disciplined control of scope and operational risk.
• Balances speed and depth; prioritises material risk reduction over tool-driven output volume.
Key Requirements (Must-Have)
• Strong manual penetration testing experience
• Experience with: Vulnerability research; Pen testing tools, methodologies, and processes
• Hands-on experience using AI/LLMs: Experimenting with AI for security testing; Using LLMs for automation or research
• Ability to: Validate AI-generated findings manually; Translate findings into actionable insights
Nice-to-Have
• Experience building or automating AI-driven testing workflows
• Bug bounty / research background
• Advanced experimentation with LLMs in security contexts
Candidate Profile
• Senior, proactive, and research-driven
• At the cutting edge of AI in security
• Able to: Work independently; Lead assigned workstreams; Provide feedback to engineering teams
• Strong communication skills (critical for cross-team collaboration)
Key Hiring Considerations
• AI experience is mandatory (even if early-stage exposure)
• Pure security engineers without pen testing experience are not suitable
• Strong preference for: Candidates already experimenting with AI tools in this space
Responsibilities
• Combine traditional penetration testing with AI capabilities
• Focus on: AI-enabled vulnerability research; Bug hunting using LLMs (Large Language Models)
• Perform end-to-end testing, including: Source code review using AI; Analysing AI outputs; Manually validating vulnerabilities
• New squad formed as part of a wider Cyber programme
• Cross-functional: Collaboration with engineering teams building AI tools
• Pen testers will: Act as validation and feedback layer to automation teams
• Works effectively in joint squads and supports uplift of tester and engineer capability.
• Mentors peers on exploit validation, triage quality, and AI-assisted offensive testing practices.
Ways of Working
• Comfortable in 4-week sprint cycles with clear milestones, status reporting, and measurable outcomes.
• Operates within a supervised testing model and agreed governance and approval gates.
• Uses structured workflows for evidence capture, triage handoff, remediation tracking, and closure.
• Supports continuous improvement through regular reviews of false positives, exploitability accuracy, and remediation velocity.
Core Responsibilities
• Lead advanced vulnerability research and penetration testing across code, APIs, infrastructure, and business logic.
• Validate and triage AI-generated findings, including exploit chaining where relevant.
• Drive risk-based prioritisation with engineering and product stakeholders.
• Support AI-assisted remediation by reviewing and improving proposed fixes before production implementation.
• Identify systemic design weaknesses and recurring root causes.
• Feed lessons learned into standards, secure coding practices, and regression prevention controls.
• Help maintain operational guardrails, auditability, and safe use of AI-led offensive testing.
• Act as a feedback engine to continuously improve the AI harness and overall bug-hunting workflow.
Other info
Senior penetration tester responsible for leading AI-enabled vulnerability research and bug-hunting across priority applications, with initial focus on internet-facing assets. The role combines deep manual offensive testing with frontier-model-assisted discovery, exploit validation (including chaining), risk-based triage, and remediation enablement. Focus is on identifying real exploitable risk quickly, preventing triage backlog growth, and improving security engineering outcomes through repeatable testing standards and guardrails.
Project Context
• Critical programme addressing AI-related security threats
• Strong executive visibility (CIO backed)
• Building a new specialist squad within Cyber Security
• Work will be iterative and agile, focused on identifying and remediating vulnerabilities
Working Model
• Hybrid: Typically 1 day/week in office