Cybersecurity experts / penetration testing

Job Title: Cybersecurity Expert / Penetration Tester

Location: Remote

Type: Full-Time/Part-time

About Band of Coders:

At Band of Coders, we build software solutions for startups and enterprises alike. Were a team of engineers, designers, and product strategists passionate about solving complex challenges through technology. As we continue to grow, were expanding our capabilities in cybersecurity to ensure that the solutions we deliver are secure, reliable, and resilient from day one.

Job Summary:

We are seeking a Cybersecurity Expert / Penetration Tester to join our growing team. This role involves identifying vulnerabilities in systems, applications, and infrastructure, and working collaboratively with development teams to remediate security risks. You will play a crucial role in enhancing our internal security practices and supporting client engagements where security is a top priority.

Key Responsibilities:

Conduct penetration tests on web and mobile applications, APIs, and cloud infrastructure (AWS, GCP, etc)

Perform security assessments and vulnerability scans using industry-standard tools

Analyze systems for misconfigurations, insecure code, and data exposure risks

Collaborate with developers to guide remediation efforts and implement secure coding practices

Design and improve internal security processes, including threat modeling and secure SDLC practices

Prepare technical reports and communicate findings and recommendations

Stay current with the latest security threats, tools, and best practices

Requirements:

3+ years of experience in cybersecurity, ethical hacking, or penetration testing

Proficiency with tools such as Burp Suite, OWASP ZAP, Metasploit, Nmap, Wireshark, and Kali Linux

Strong understanding of web and mobile application security (OWASP Top 10)

Experience testing cloud-based infrastructure (AWS, GCP, etc.)

Familiarity with programming/scripting languages like Python, JavaScript, Bash, or PowerShell

Knowledge of network protocols, authentication mechanisms, and common vulnerabilities

Experience working in DevOps and CI/CD pipelines is a plus

Strong written and verbal communication skills, including technical documentation and reporting

Knowledge of regulatory frameworks and compliance standards (e.g., SOC 2, GDPR, HIPAA)

Nice to Have:

Certifications such as OSCP, CEH, CISSP, or GWAPT

Experience working with API Gateways (e.g., Kong), microservices, and event-driven architectures

Experience working with real-time communication systems like Twilio or LiveKit

Originally posted on Himalayas