
Senior Penetration Tester

Country/Region:  VN
Date:  Jun 29, 2026
Location: Ho Chi Minh City, VN, 700000; Hanoi, VN, 10000

Working place:  Hybrid

About GFT

 

GFT Technologies is an AI-centric global digital transformation company. We design advanced data and AI transformation solutions, modernize technology architectures and develop next-generation core systems for industry leaders in Banking, Insurance, Manufacturing and Robotics. Partnering closely with our clients, we push boundaries to unlock their full potential. With deep industry expertise, cutting-edge technology, and a strong partner ecosystem, GFT delivers responsible AI-centric solutions that combine engineering excellence, high-performance delivery and cost efficiency. Our team of 12,000+ technology experts operates in 20+ countries worldwide, offering career opportunities at the forefront of software innovation.

 

Role Summary


As a Penetration Tester at GFT, you will assess and strengthen the security of banking applications, APIs, cloud platforms, infrastructure, and digital systems through authorised penetration testing. You will identify vulnerabilities, validate risks, support remediation, and ensure compliance with security and regulatory standards.
Working closely with security, engineering, DevOps, architecture, and business teams, you will perform security assessments across web, mobile, API, network, and cloud environments. This role requires strong ethical hacking expertise, knowledge of banking systems, and the flexibility to work onsite at client locations when required.

 

Role Responsibilities

 

  • Conduct penetration testing across web, mobile, APIs, cloud, infrastructure, and banking platforms.
  • Identify, validate, and document security vulnerabilities, including authentication, authorization, encryption, access control, session management, input validation, and business logic flaws.
  • Perform security assessments using OWASP Top 10, OWASP API Top 10, OWASP MSTG, and banking security standards.
  • Assess banking workflows, including payments, cards, accounts, AML/KYC, fraud management, and digital banking services.
  • Produce penetration testing reports with risk ratings, business impact, evidence, and remediation recommendations.
  • Partner with engineering and security teams to explain findings, support remediation, and validate fixes.
  • Support security activities across the SDLC, including threat modelling, test planning, and release validation.
  • Perform vulnerability assessments, validate exploitability, and eliminate false positives.
  • Support audit and compliance activities with security evidence and remediation tracking.
  • Stay current with emerging threats, attack techniques, and security best practice.

 

Required Skills

 

  • Hands-on experience in penetration testing, ethical hacking, and vulnerability assessments across web, mobile, API, network, and cloud environments.
  • Strong understanding of banking systems, digital banking, payments, AML/KYC, fraud management, and transaction workflows.
  • Deep knowledge of web and API security, including OWASP Top 10, API security, IDOR, injection, broken access control, authentication, authorization, and business logic vulnerabilities.
  • Experience testing iOS and Android applications, including authentication, session management, local storage, certificate pinning, and secure communications.
  • Experience assessing networks, servers, operating systems, infrastructure security, and common vulnerabilities.
  • Knowledge of cloud security principles across AWS, Azure, or GCP.
  • Proficiency with Burp Suite, OWASP ZAP, Nmap, Nessus, Metasploit, Wireshark, Postman, MobSF, or similar tools.
  • Ability to produce clear security reports and communicate findings to technical and business stakeholders.
  • Experience working with engineering teams to validate vulnerabilities, support remediation, and perform retesting.
  • Understanding of secure coding, encryption, IAM, data privacy, and common security frameworks.
  • Familiarity with security requirements in regulated industries, particularly banking and financial services.
  • Excellent English communication skills.

 

Nice to Have

 

  • Experience delivering penetration testing for banks, fintechs, payment platforms, or financial institutions.
  • Knowledge of PCI DSS, ISO 27001, SOC 2, SWIFT CSCF, and other banking security standards.
  • Experience with secure code reviews and SAST tools.
  • Experience integrating security into CI/CD pipelines using SAST, DAST, SCA, container scanning, or secrets detection.
  • Knowledge of container, Kubernetes, Docker, cloud, and Infrastructure-as-Code (IaC) security.
  • Experience with red teaming, attack simulation, or adversary emulation.
  • Scripting skills in Python, Bash, or PowerShell for automation.
  • Security certifications such as CEH, eJPT, PNPT, OSCP, GPEN, GWAPT, CISSP, CISM, or equivalent.


(Note: Due to the high volume of applications we receive, we are unable to respond to every candidate individually. If you have not received a response from GFT regarding your application within 10 workdays, please consider that we have decided to proceed with other candidates. We truly appreciate your interest in GFT and thank you for your understanding.)

About Us

We show commitment to our investors and stand for solid, long-term growth performance. Founded in Germany in 1987 and in American territory since 2008, GFT has expanded globally to over 10,000 experts and to more than 15 markets to ensure proximity to clients. With new opportunities from Asia to Brazil, the international growth story continues. We are committed to growing tech talent worldwide, because our team’s strong consulting and development skills across legacy and pioneering technologies, like GreenCoding, underpin success. We maintain a family atmosphere in an inclusive work environment.

There is room for your talent!

Put your talent to work. At GFT, you'll be working with some of the brightest people in business and technology on challenging and rewarding projects, in a team of like-minded individuals.
Feel it. We are #one team collaboratively working towards the same goal.
