CSST Analyst

Technologies we use

About the project

Your responsibilities

• Analyze, assess, and respond to security vulnerabilities reported via the Bug Bounty Program
• Reproduce and validate reported vulnerabilities and perform root cause analysis
• Communicate effectively with internal teams and external security researchers
• Collaborate with stakeholders to explain risks and track remediation progress
• Drive improvements in processes, tooling, and automation to enhance program efficiency
• Advise on vulnerability remediation, control implementation, and secure development practices
• Ensure continuous improvement of the Bug Bounty Program in line with cybersecurity strategy
• Note: Detailed project information will be shared during the recruitment process.

Our requirements

• Strong written and verbal communication skills in English
• Ability to clearly articulate technical issues and their business impact
• Hands-on experience in penetration testing (at least 4 years)
• Expertise in at least one pentest domain (infrastructure, web apps, or mobile)
• Solid understanding of platform security models for iOS and Android
• Strong knowledge of web and mobile application security risks
• Practical experience with manual and automated testing methods
• Excellent understanding of TCP/IP, cryptography, and security implications
• Proven programming/scripting skills
• Ability to work independently and solve complex technical problems

Optional

• Previous participation in Bug Bounty Programs
• Familiarity with OWASP MASVS, OWASP MSTG
• Experience with SAST, DAST, IAST tools and security code reviews
• Knowledge of DevOps practices and secure SDLC
• Experience with Java, Kotlin, Objective-C, Swift
• Understanding of OAuth2, JWT, SSL, Biometric Authentication, RASP
• Prior experience with cloud-hosted applications and reverse engineering

This is how we organize our work

This is how we work

This is how we work on a project

What we offer

• Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.)
• Hybrid work setup – remote days available depending on the client’s arrangements
• Collaborative team culture – work alongside experienced professionals eager to share knowledge
• Continuous development – access to training platforms and growth opportunities
• Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more
• High quality equipment – laptop and essential software provided

Benefits