About the Role
HolistiQ Technologies is seeking a skilled Penetration Tester / Ethical Hacker to identify, exploit, document, and help remediate security vulnerabilities across web applications, APIs, cloud infrastructure, authentication systems, databases, mobile applications, and digital platforms.
You will work alongside software engineers, technical architects, and cybersecurity professionals to secure projects throughout development, launch, and ongoing production operation.
Key Responsibilities
- Conduct web application, API, cloud, infrastructure, and mobile penetration testing.
- Identify and safely exploit vulnerabilities, authentication flaws, broken access controls, API vulnerabilities, and business logic weaknesses.
- Perform vulnerability assessments, security testing, exploit validation, and security regression testing.
- Test against OWASP Top 10 and OWASP API Security Top 10 vulnerabilities.
- Produce professional penetration testing reports with evidence, severity ratings, business impact, and remediation recommendations.
- Retest vulnerabilities and verify security fixes.
- Perform security testing following material platform updates and production changes.
- Immediately escalate critical vulnerabilities and security incidents.
- Work collaboratively with developers and security teams to improve application and infrastructure security.
- Conduct all testing within documented scope and written Security Testing Authorisations.
Required Skills
Practical experience in penetration testing, ethical hacking, vulnerability assessment, web application security, API security, network security, cloud security, Burp Suite, Nmap, OWASP, authentication testing, access control testing, exploit validation, vulnerability remediation, and technical security reporting.
Experience with AWS, Azure, Docker, Kubernetes, CI/CD security, mobile application security, secure code review, Python, Bash, PowerShell, Metasploit, SQL injection testing, privilege escalation, or DevSecOps is advantageous.
Certifications such as OSCP, OSWE, OSEP, BSCP, CREST, PNPT, CompTIA PenTest+, Security+, eJPT, eCPPT, or equivalent practical experience are desirable but not essential.
Compensation & Structure
This is not a salaried employment position at this stage.
Successful candidates will be appointed as Contributor Members and participate in a profit-sharing model under which 60% of Net Profit from Projects is allocated collectively to eligible Contributor Members and distributed based on level of seniority and participation.
This is not a traditional employment opportunity. We are looking for someone who wants to help build, protect, and scale innovative technology platforms while sharing in the long-term value they create.
The salary field shown on Indeed is a platform requirement and should be treated as a placeholder only.
Pay: £30,471.56-£81,672.68 per year
Work Location: Remote