
Lead Penetration Tester

Custom Field 1:  Backend Development
Custom Field 3:  Backend Development
Country/Region:  VN
Date:  Jun 30, 2026
Location:  Ho Chi Minh City, VN, 700000; Hanoi, VN, 10000

Working place:  Hybrid

About GFT

GFT Technologies is an AI-centric global digital transformation company. We design advanced data and AI transformation solutions, modernize technology architectures and develop next-generation core systems for industry leaders in Banking, Insurance, Manufacturing and Robotics. Partnering closely with our clients, we push boundaries to unlock their full potential. With deep industry expertise, cutting-edge technology, and a strong partner ecosystem, GFT delivers responsible AI-centric solutions that combine engineering excellence, high-performance delivery and cost efficiency. Our team of 12,000+ technology experts operates in 20+ countries worldwide offering career opportunities at the forefront of software innovation.

 

Role Summary

As a Lead Penetration Tester at GFT, you will lead efforts to assess and enhance the security of banking applications, APIs, cloud platforms, infrastructure, and digital systems through authorised penetration testing. You will identify and validate vulnerabilities, assess risk impact, guide remediation efforts, and ensure alignment with security and regulatory standards.
Working closely with security, engineering, DevOps, architecture, and business stakeholders, you will drive and oversee security assessments across web, mobile, API, network, and cloud environments. This role requires deep expertise in ethical hacking, a strong understanding of banking systems, and the ability to operate effectively in client-facing environments, including flexibility to work onsite when required.

 

Role Responsibilities

  • Lead and execute penetration testing across web, mobile, APIs, cloud, infrastructure, and banking platforms.
  • Own end-to-end testing engagements, including scoping with stakeholders, test planning, execution, reporting, and remediation validation.
  • Identify, validate, and document security vulnerabilities, including authentication, authorization, encryption, access control, session management, input validation, and business logic flaws.
  • Perform security assessments using OWASP Top 10, OWASP API Top 10, OWASP MSTG, and banking security standards.
  • Assess banking workflows, including payments, cards, accounts, AML/KYC, fraud management, and digital banking services.
  • Produce penetration testing reports with risk ratings, business impact, evidence, and remediation recommendations.
  • Support security activities across the SDLC, including threat modelling, test planning, and release validation.
  • Perform vulnerability assessments, validate exploitability, and eliminate false positives.
  • Support audit and compliance activities with security evidence and remediation tracking.
  • Stay current with emerging threats, attack techniques, and security best practices.
  • Mentor and guide junior and mid-level penetration testers.

 

Required Skills

  • Hands-on experience in penetration testing, ethical hacking, and vulnerability assessments across web, mobile, API, network, and cloud environments.
  • Experience leading a penetration testing team or security practice.
  • Strong understanding of banking systems, digital banking, payments, AML/KYC, fraud management, and transaction workflows.
  • Deep knowledge of web and API security, including OWASP Top 10, API security, IDOR, injection, broken access control, authentication, authorization, and business logic vulnerabilities.
  • Experience testing iOS and Android applications, including authentication, session management, local storage, certificate pinning, and secure communications.
  • Experience assessing networks, servers, operating systems, infrastructure security, and common vulnerabilities.
  • Knowledge of cloud security principles across AWS, Azure, or GCP.
  • Proficiency with Burp Suite, OWASP ZAP, Nmap, Nessus, Metasploit, Wireshark, Postman, MobSF, or similar tools.
  • Ability to produce clear security reports and communicate findings to technical and business stakeholders.
  • Experience working with engineering teams to validate vulnerabilities, support remediation, and perform retesting.
  • Understanding of secure coding, encryption, IAM, data privacy, and common security frameworks.
  • Familiarity with security requirements in regulated industries, particularly banking and financial services.
  • Excellent English communication skills.

 

Nice to Have

  • Experience delivering penetration testing for banks, fintechs, payment platforms, or financial institutions.
  • Experience with secure code reviews and SAST tools.
  • Experience integrating security into CI/CD pipelines using SAST, DAST, SCA, container scanning, or secrets detection.
  • Knowledge of container, Kubernetes, Docker, cloud, and Infrastructure-as-Code (IaC) security.
  • Experience with red teaming, attack simulation, or adversary emulation.
  • Scripting skills in Python, Bash, or PowerShell for automation.
  • Security certifications such as CEH, eJPT, PNPT, OSCP, GPEN, GWAPT, CISSP, CISM, or equivalent.

(Note: Due to the high volume of applications we receive, we are unable to respond to every candidate individually. If you have not received a response from GFT regarding your application within 10 workdays, please consider that we have decided to proceed with other candidates. We truly appreciate your interest in GFT and thank you for your understanding.)

About Us

We show commitment to our investors and stand for solid, long-term growth performance. Founded in Germany in 1987 and in American territory since 2008, GFT has expanded globally to over 10,000 experts and to more than 15 markets to ensure proximity to clients. With new opportunities from Asia to Brazil, the international growth story continues. We are committed to growing tech talent worldwide, because our team’s strong consulting and development skills across legacy and pioneering technologies, like GreenCoding, underpin success. We maintain a family atmosphere in an inclusive work environment.

There is room for your talent!

Put your talent to work. At GFT, you'll be working with some of the brightest people in business and technology on challenging and rewarding projects in a team of like-minded individuals.
Feel it. We are #one team collaboratively working towards the same goal.
