Pentester (Application Security Team)

Hi there!
We are Semrush, a global IT company developing our own product – a platform for digital marketers. New stars are born here, so don’t miss your chance.
This is our Pentester role for those who strive to implement functional processes and drive them to full completion.

Tasks in the role

Join Semrush’s Security Team, renowned for its cutting-edge approach to application security. As an Application Security Pentester, you will play a crucial role in enhancing our team’s capacity to conduct security audits efficiently during the release processes. Your expertise will help maintain the speed and quality of our software releases by proactively identifying and mitigating security vulnerabilities.

• Conduct thorough penetration tests on web applications, APIs, and other software components to uncover security vulnerabilities

• Identify, analyze, and prioritize security vulnerabilities, providing detailed recommendations for remediation

• Create and maintain custom scripts and tools to automate and streamline security testing procedures

• Keep abreast of the latest security threats, vulnerabilities, and industry trends to ensure proactive defense measures

• Participate in research, internal and external events (CTFs, meetups), and training to continually enhance the team’s capabilities

Who we are looking for

• Deep knowledge of common vulnerabilities, as outlined in standard awareness documents like the OWASP Top 10

• Ability to read and understand code in languages like Golang, Java, or Python to identify security flaws

• Familiarity with cloud environments and related security considerations

• Strong problem-solving skills with attention to detail in identifying and analyzing security issues

Not required, but a plus

• Certifications such as OSCP, OSWE, GWAPT, or other relevant credentials in the field of security

• Experience with automating security tests in CI/CD pipelines using tools like GitLab/GitHub CI/CD and YAML configurations

• Active participation in security communities, conferences, or events, demonstrating a commitment to the field

• Proficiency in scripting languages (e.g., Python, Bash) to automate routine tasks and enhance testing efficiency

• You share our common values: Trust, as we prefer to speak up and be our true selves; Sense of Ownership, as it’s not worth wasting time on something you don’t believe in; and enthusiasm for Constant Change, as we are always looking to make things better

A bit about the team

You can get to know the team better at one of the interviews, but some brief information about future colleagues will be useful now.

We are an actively growing security team using modern security approaches and tools. We are proud of the high level of responsibility and results of our work. It motivates us to grow and contribute more to the company's success!

Semrush Security Department contains:

• Application Security Team

• Infrastructure Security Team

• Common Flow & Compliance Team

As Semrush continues to grow, so does our demand for simplifying and automating workflows to meet the needs of our internal teams, partners, and external users.

The Semrush Security Department is a strong team. The famous security researcher Andrey Leonov and other talented guys are with us.

We speak at conferences, hold internal and external events (CTF, meetups), do research work, and train employees on how to find vulnerabilities and defend against them.

The Application Security Team is working on complex and multi-layer software products. As a member of AppSec, you will also be able to participate in building secure software development processes. We are not limited to basic workflows such as DAST and SAST; we focus our efforts on scalable investments in our engineering ecosystem to identify and drive high-impact security initiatives.

We are hiring for a security partner role to support product development at Semrush. In this role, you will work closely with engineering teams, building edge services, platform features, and backend infrastructure.

We are looking for security engineers who can be the voice of security in the defensive initiatives and identify the right security investments to help us build strong security processes.

We will try to create all the right conditions for you to work and rest comfortably

• This offer stands for the “hybrid” work format: some days, you work from the office, and some #wfh.

• Flexible working day start

• Unlimited PTO

• Hobby benefit

• Breakfast, snacks, and coffee at the office

• Corporate events

• Training, courses, conferences

• Gifts for employees

Finally, a little more about our company

Semrush is a leading online visibility management SaaS platform that enables businesses globally to run search engine optimization, pay-per-click, content, social media and competitive research campaigns and get measurable results from online marketing.
We’ve been developing our product for 16 years and have been awarded G2s Top 100 Software Products, Global and US Search Awards 2021, Great Place to Work Certification, Deloitte Technology Fast 500 and many more. In March 2021 Semrush went public and started trading on the NYSE with the SEMR ticker.

10,000,000+ users in America, Europe, Asia, and Australia have already tried Semrush, and over 1,000 people around the world are working on its development. The Semrush team is constantly growing.

Our new colleague, we are waiting for you!
Semrush is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate based upon race, religion, creed, color, national origin, sex, pregnancy, sexual orientation, gender identity, gender expression, age, ancestry, physical or mental disability, or medical condition including medical characteristics, genetic identity, marital status, military service, or any other classification protected by applicable local, state or federal laws. All employment decisions are based on business needs, job requirements, merit, and individual qualifications.