Jr. Offensive Security Engineer (Web/App Pentester)
Job Description
Title: Jr. Offensive Security Engineer (Web/App Pentester)
Company Name: The Kow Company Ltd.
Vacancy: 05
Age: 20 to 35 years
Job Location: Dhaka
Salary: Negotiable
Experience:
- At most 2 years
- The applicants should have experience in the following business area(s): Software Company, IT Enabled Service, Development Agency, Developer, E-commerce, Business-to-Business (B2B) Software and Services Startup
- Freshers are also encouraged to apply.
Published: 2025-10-21
Application Deadline: 2025-10-31
Education:
- Bachelor of Science (BSc) in Computer Science & Engineering
OSCP — Offensive Security Certified Professional
CEH — Certified Ethical Hacker
eJPT — eLearnSecurity Junior Penetration Tester
eCPPT — eLearnSecurity Certified Professional Penetration Tester
eWPT — eLearnSecurity Web Application Penetration Tester
Security+ — CompTIA Security+
Requirements:
- At most 2 years
- The applicants should have experience in the following business area(s): Software Company, IT Enabled Service, Development Agency, Developer, E-commerce, Business-to-Business (B2B) Software and Services Startup
- Freshers are also encouraged to apply.
Skills Required: Certified Ethical Hacker Certification (CEH),CompTIA,CTF or Bug Bounty,Cyber Security,Network Security,Penetration Tester
Additional Requirements:
- Age 20 to 35 years
Responsibilities & Context:
About the Role
You’ll focus primarily on web and API penetration testing. Day-to-day, you’ll live in Burp Suite, model findings against OWASP Top 10 / ASVS, and spin up quick shell/Python automations (including AI-assisted “vibe coding”) to speed recon, testing, and reporting.
What You’ll Do
Web & API pentesting (primary): Scope, test, validate, and document exploitable issues (XSS, SQLi, IDOR, SSRF, authN/Z flaws, logic bugs, deserialization, RCE).
Burp Suite power use: Advanced proxying, macros/session handling, Intruder strategies, Repeater/Comparer/Sequencer, extender/DIY helpers.
Recon & discovery: Subdomains/tech fingerprinting, parameter mining, content discovery, auth & permission testing, fuzzing.
AI automation / “vibe coding”: Use LLMs responsibly to scaffold scripts, generate wordlists/payloads, summarize logs, and draft report sections—always human-verified.
Scripting & tooling: Build/maintain small utilities (Bash/PowerShell/Python) and wrappers for ffuf, nuclei, dirsearch, sqlmap, etc.
Reporting & comms: Write crisp PoCs, risk ratings and remediation guidance; present findings to engineering and product.
Job Other Benifits:
Employment Status: Full Time
Job Work Place: Work at office
Company Information:
Gender: Male and Female can apply
Read Before Apply: Please apply only who are fulfilling all the requirements of this job
Category: IT & Telecommunication
Interested By University
| University | Percentage (%) |
|---|---|
| Daffodil International University (DIU) | 9.89% |
| Green University of Bangladesh | 4.95% |
| North South University | 4.95% |
| Bangladesh University of Business and Technology | 3.85% |
| 3.85% | |
| American International University Bangladesh (AIUB) | 3.30% |
| BRAC University | 2.75% |
| World University of Bangladesh | 2.20% |
| Ahsanullah University of Science and Technology (AUST) | 1.65% |
| Jahangirnagar University | 1.65% |
Interested By Age Range
| Age Range | Percentage (%) |
|---|---|
| 20-30 | 82.97% |
| 31-35 | 8.24% |
| 36-40 | 1.65% |
| 40+ | 2.20% |
Interested By Salary Range
| Salary Range | Percentage (%) |
|---|---|
| 0-20K | 21.55% |
| 20K-30K | 36.46% |
| 30K-40K | 21.55% |
| 40K-50K | 8.84% |
| 50K+ | 11.60% |
Interested By Experience Range
| Experience Range | Percentage (%) |
|---|---|
| 0 years (Freshers) | 51.10% |
| 0.1 - 1 years | 13.74% |
| 1.1 - 3 years | 16.48% |
| 3.1 - 5 years | 12.09% |
| 5+ years | 6.59% |
