Senior Penetration Tester – Web App & API Specialist

phew Cyber Security

At phew we offer penetration testing, security assurance, and related cyber security services to a wide range of New Zealand and international clients, from innovative SaaS start-ups to publicly listed and critical infrastructure providers. Due to a high level of demand for our services, we have an exciting opportunity for an experienced Penetration Tester to join our quality-focused and talented team.

What can we offer you at phew?

  • Real growth opportunities and the ability to shape your role and the strategies of the testing team
  • A tight-knit team with a focus on collaborative working and knowledge sharing
  • Hands-on exposure to diverse targets and projects, with plenty of autonomy, and a real impact on the quality of the business solutions we deliver to our clients
  • Structured security research time that grows with seniority and experience
  • Strong focus on upskilling and certification, with support through study leave and course costs
  • Modern work culture, with flexibility for WFH and time in our central Auckland office

Key responsibilities:

  • Conduct penetration testing across web, mobile, and API targets for a diverse range of clients
  • Perform network and infrastructure security assessments (wired, wireless, internal, external)
  • Mentor junior team members
  • Engage directly with clients throughout the engagement lifecycle, guiding the testing strategy and providing actionable advice
  • Contribute to the team’s security assurance strategies, tools, and methodologies to ensure effective outcomes
  • Integrate security assurance activities within client and internal projects

What we’re looking for:

  • Smart, self-motivated and skilled individuals who really want to take the next step in developing their career, and shaping their future in cyber security
  • 3+ years of full-time penetration testing experience
  • A strong track record in security research or bug bounty activities, with verifiable achievements such as:
    • CVE credits for high severity vulnerabilities such as RCE, SSRF, Deserialization, or SQLi
    • Participation in reputable CTFs or recognised bug bounty programs
  • Ability to self-manage and deliver clear, high-quality reports
  • Strong, clear communication skills, with the ability to explain security and vulnerability concepts and findings to both internal and customer stakeholders
  • In-depth knowledge of and experience with penetration testing frameworks, tools and methodologies, such as OWASP and NIST, Burp Suite and Kali Linux
  • Ideally you will hold OSCP or an equivalent certification (OSWE, OSCE or equivalent preferred) and other certifications from Offensive Security, GIAC, or CREST

If you are an experienced, ambitious Penetration Tester who is looking for a rare opportunity in an exciting and innovative Kiwi cyber security organisation, then please get in touch now for a confidential conversation.

We can assist with work visa sponsorship for suitably qualified candidates planning a move to NZ.

To apply for this job email your details to joinus@phew.co.nz.
