Senior Pen Testing Engineer

About Bosta:
Launched in 2017, Bosta is an overnight delivery provider for E-commerce companies in Egypt. Leveraging technology to empower businesses is what we do best. Our goal is to disrupt the logistics industry by bringing technology and experience altogether to provide a one-stop shop for delivery solutions. 
We rely on advanced technology to deliver orders to our customers in a fast way. Businesses can track and connect with couriers and follow up on their orders - all in one system.
About the role:
As a Senior Penetration Tester, you will play a key role in strengthening the security of our web applications and APIs. You will conduct in-depth white-box penetration testing, identify vulnerabilities early through threat modeling, and work closely with engineering teams to ensure secure design and effective remediation. This role requires strong technical expertise, clear communication, and a proactive approach to staying ahead of emerging security threats.
Job Code:
2025TECH-209

Job Responsibilities

• White Box Web Application Penetration Testing: Perform in-depth assessments of web applications using source code, architecture diagrams, and other internal documentation to identify vulnerabilities and security gaps.
• API Penetration Testing: Evaluate RESTful APIs for security flaws, including authorization, authentication, data exposure, business logic vulnerabilities, and protocol-specific threats.
• Threat Modeling & Risk Assessment: Analyze application designs and threat models to discover potential weaknesses before testing begins.
• Vulnerability Identification.
• Reporting & Communication: Clearly document findings, evidence, and remediation steps; present results to technical and non-technical stakeholders.
• Collaboration: Work hand-in-hand with development, DevOps, and infrastructure teams to design secure applications and validate remediation efforts.
• Security Best Practices: Stay up-to-date on the latest security trends, vulnerabilities, and exploitation techniques relevant to web and API environments.

Job Qualifications

• 3+ years in penetration testing, with a focus on mobile, web applications, and APIs.
• Hands-on experience with white box testing methodologies.
• Strong understanding of web application architectures, authentication, and authorization mechanisms.
• Familiarity with JavaScript, Python, Java, or other modern programming languages.
• Experience reading and analyzing source code to identify security issues.
• Proficiency with common penetration testing tools, Knowledge of secure coding standards and practices.
• Excellent problem-solving and analytical skills.
• Effective written and verbal communication.
• Strong attention to detail and ability to work both independently and as part of a team.