Senior Application Security Pentester (Application Security Team)
Hi there!
We are Semrush, a global Tech company developing our own product – a platform for digital marketers.
Are you ready to be a part of it? This is your chance! We’re hiring for Senior Application Security Pentester (Application Security Team).
Tasks in the role
As a Senior Application Security Pentester, you will play a key role in strengthening our security posture by ensuring efficient security audits during the release process.
Your expertise and proactive approach will help maintain the speed and quality of our software releases by identifying and mitigating vulnerabilities before they become critical issues. This role also offers the opportunity to contribute to the development and evolution of the Offensive Security function within the Security Department.
Key Responsibilities:
Lead and conduct in-depth penetration tests on web applications, APIs, and other software components to identify complex security vulnerabilities.
Analyze findings, prioritize risks, and provide strategic remediation recommendations while working closely with cross-functional teams.
Develop and refine custom scripts and tools to automate and optimize security testing processes.
Stay up to date with emerging threats, vulnerabilities, and industry trends to ensure proactive defense measures.
Contribute to knowledge sharing and continuous improvement through research, training, and participation in internal and external security events (e.g., CTFs, meetups).
Support the evolution of Offensive Security practices and processes within the Security Department.
Who we are looking for
Deep knowledge of common vulnerabilities and industry standards such as the OWASP Top 10.
Ability to read and understand code (e.g., Go, Java, Python) to identify security flaws.
Familiarity with cloud environments and related security considerations.
Strong analytical and problem-solving skills with attention to detail.
Not required but a plus
Experience using or building AI-assisted security testing solutions.
Certifications such as BSCP, OSWE, GWAPT, or similar.
Experience automating security tests in CI/CD pipelines (GitLab/GitHub CI/CD, YAML).
Active participation in security communities or conferences.
Proficiency in scripting languages (e.g., Python, Bash) to automate tasks.
Published CVEs or bug bounty reports. #LI-Remote
We will try to create all the right conditions for you to work and rest comfortably
Unlimited PTO
Flexible working hours
Inter Polska Health Insurance and Life Insurance co-financing
Worksmile Cafeteria Program (available after 2 months of employment), including co-financing for the Multisport card
Mental health support–private therapy sessions (in Polish and English)
B2B contract is also an option
Employee Referral Program
Buddy Program
Corporate events
Teambuilding
Training, courses, conferences
A little more about our company
Semrush is a leading online visibility management SaaS platform that enables businesses globally to run search engine optimization, pay-per-click, content, social media and competitive research campaigns and get measurable results from online marketing.
We've been developing our product for 17 years and have been awarded G2's Top 100 Software Products, Global and US Search Awards 2021, Great Place to Work Certification, Deloitte Technology Fast 500 and many more. In March 2021 Semrush went public and started trading on the NYSE with the SEMR ticker.
10,000,000+ users in America, Europe, Asia, and Australia have already tried Semrush, and over 1,700 people around the world are working on its development. The Semrush team is constantly growing.
Our Diversity, Equity, and Inclusion commitments
Semrush is an equal opportunity employer. Building a better future for marketers around the world unites people from all backgrounds. Even if you feel that you don’t 100% match all requirements, don’t be discouraged to apply! We are committed to ensure that everyone feels a sense of belonging in the workplace. We do not discriminate based upon race, religion, creed, color, national origin, sex, pregnancy, sexual orientation, gender identity, gender expression, age, ancestry, physical or mental disability, or medical condition including medical characteristics, genetic identity, marital status, military service, or any other classification protected by applicable local, state or federal laws.
Our new colleague, we are waiting for you!
About the job
Apply for this position
Senior Application Security Pentester (Application Security Team)
Hi there!
We are Semrush, a global Tech company developing our own product – a platform for digital marketers.
Are you ready to be a part of it? This is your chance! We’re hiring for Senior Application Security Pentester (Application Security Team).
Tasks in the role
As a Senior Application Security Pentester, you will play a key role in strengthening our security posture by ensuring efficient security audits during the release process.
Your expertise and proactive approach will help maintain the speed and quality of our software releases by identifying and mitigating vulnerabilities before they become critical issues. This role also offers the opportunity to contribute to the development and evolution of the Offensive Security function within the Security Department.
Key Responsibilities:
Lead and conduct in-depth penetration tests on web applications, APIs, and other software components to identify complex security vulnerabilities.
Analyze findings, prioritize risks, and provide strategic remediation recommendations while working closely with cross-functional teams.
Develop and refine custom scripts and tools to automate and optimize security testing processes.
Stay up to date with emerging threats, vulnerabilities, and industry trends to ensure proactive defense measures.
Contribute to knowledge sharing and continuous improvement through research, training, and participation in internal and external security events (e.g., CTFs, meetups).
Support the evolution of Offensive Security practices and processes within the Security Department.
Who we are looking for
Deep knowledge of common vulnerabilities and industry standards such as the OWASP Top 10.
Ability to read and understand code (e.g., Go, Java, Python) to identify security flaws.
Familiarity with cloud environments and related security considerations.
Strong analytical and problem-solving skills with attention to detail.
Not required but a plus
Experience using or building AI-assisted security testing solutions.
Certifications such as BSCP, OSWE, GWAPT, or similar.
Experience automating security tests in CI/CD pipelines (GitLab/GitHub CI/CD, YAML).
Active participation in security communities or conferences.
Proficiency in scripting languages (e.g., Python, Bash) to automate tasks.
Published CVEs or bug bounty reports. #LI-Remote
We will try to create all the right conditions for you to work and rest comfortably
Unlimited PTO
Flexible working hours
Inter Polska Health Insurance and Life Insurance co-financing
Worksmile Cafeteria Program (available after 2 months of employment), including co-financing for the Multisport card
Mental health support–private therapy sessions (in Polish and English)
B2B contract is also an option
Employee Referral Program
Buddy Program
Corporate events
Teambuilding
Training, courses, conferences
A little more about our company
Semrush is a leading online visibility management SaaS platform that enables businesses globally to run search engine optimization, pay-per-click, content, social media and competitive research campaigns and get measurable results from online marketing.
We've been developing our product for 17 years and have been awarded G2's Top 100 Software Products, Global and US Search Awards 2021, Great Place to Work Certification, Deloitte Technology Fast 500 and many more. In March 2021 Semrush went public and started trading on the NYSE with the SEMR ticker.
10,000,000+ users in America, Europe, Asia, and Australia have already tried Semrush, and over 1,700 people around the world are working on its development. The Semrush team is constantly growing.
Our Diversity, Equity, and Inclusion commitments
Semrush is an equal opportunity employer. Building a better future for marketers around the world unites people from all backgrounds. Even if you feel that you don’t 100% match all requirements, don’t be discouraged to apply! We are committed to ensure that everyone feels a sense of belonging in the workplace. We do not discriminate based upon race, religion, creed, color, national origin, sex, pregnancy, sexual orientation, gender identity, gender expression, age, ancestry, physical or mental disability, or medical condition including medical characteristics, genetic identity, marital status, military service, or any other classification protected by applicable local, state or federal laws.
Our new colleague, we are waiting for you!