Jr. Offensive Security Engineer (Web/App Pentester)

Job Description

Title: Jr. Offensive Security Engineer (Web/App Pentester)

Company Name: The Kow Company Ltd.

Vacancy: 05

Age: 20 to 35 years

Job Location: Dhaka

Salary: Negotiable

Experience:

  • At most 2 years
  • The applicants should have experience in the following business area(s): Software Company, IT Enabled Service, Development Agency, Developer, E-commerce, Business-to-Business (B2B) Software and Services Startup
  • Freshers are also encouraged to apply.


Published: 2025-10-21

Application Deadline: 2025-10-31

Education:
  • Bachelor of Science (BSc) in Computer Science & Engineering
  • OSCP — Offensive Security Certified Professional
  • CEH — Certified Ethical Hacker
  • eJPT — eLearnSecurity Junior Penetration Tester
  • eCPPT — eLearnSecurity Certified Professional Penetration Tester
  • eWPT — eLearnSecurity Web Application Penetration Tester
  • Security+ — CompTIA Security+




Skills Required: Certified Ethical Hacker Certification (CEH), CompTIA, CTF or Bug Bounty, Cyber Security, Network Security, Penetration Tester

Additional Requirements:
  • Age 20 to 35 years


Responsibilities & Context:

About the Role

You’ll focus primarily on web and API penetration testing. Day-to-day, you’ll live in Burp Suite, model findings against OWASP Top 10 / ASVS, and spin up quick shell/Python automations (including AI-assisted “vibe coding”) to speed recon, testing, and reporting.

What You’ll Do

  • Web & API pentesting (primary): Scope, test, validate, and document exploitable issues (XSS, SQLi, IDOR, SSRF, authN/Z flaws, logic bugs, deserialization, RCE).

  • Burp Suite power use: Advanced proxying, macros/session handling, Intruder strategies, Repeater/Comparer/Sequencer, extender/DIY helpers.

  • Recon & discovery: Subdomains/tech fingerprinting, parameter mining, content discovery, auth & permission testing, fuzzing.

  • AI automation / “vibe coding”: Use LLMs responsibly to scaffold scripts, generate wordlists/payloads, summarize logs, and draft report sections—always human-verified.

  • Scripting & tooling: Build/maintain small utilities (Bash/PowerShell/Python) and wrappers for ffuf, nuclei, dirsearch, sqlmap, etc.

  • Reporting & comms: Write crisp PoCs, risk ratings and remediation guidance; present findings to engineering and product.



Job Other Benefits:

Employment Status: Full Time

Job Work Place: Work at office

Company Information:

Gender: Male and Female can apply

Read Before Apply: Please apply only if you fulfill all the requirements of this job.

Category: IT & Telecommunication
