Senior Penetration Tester
Job Summary
Description
About Us:
At Sitecore, our mission is to simplify how brands reach, engage, and serve people by delivering intelligent, personalized digital experiences that connect the world. We empower the world's most iconic brands to build lifelong relationships with their customers, seamlessly, smartly, and at scale.
As the leading provider of agentic digital experience software, Sitecore brings together content, commerce, and data into one composable platform that enables brands to deliver millions of meaningful, adaptive experiences every day. Trusted by global leaders such as American Express, Porsche, Starbucks, and L'Oréal, Sitecore helps brands transform engagement through experiences that are not only personalized but predictive and dynamic.
Our foundation is our people: a diverse, passionate, and collaborative global team spanning over 25 countries. We believe that every experience matters, and that belief starts with how we work together. Our values guide how we lead, innovate, and connect. They are the behaviors that bring our mission and vision to life every day, in every interaction.
As we continue to evolve, we are actively cultivating AI skills across our teams to unlock new levels of creativity, efficiency, and insight. From engineering to customer experience, AI capabilities are becoming integral to how we design, build, and deliver the next generation of digital experiences.
About the Role:
As a Senior Penetration Tester (Web/API & Agentic/MCP), you will conduct authorized penetration testing across Sitecore's SaaS platforms, APIs, and AI/agent-driven services to identify and eliminate exploitable weaknesses prior to release. You will also act as a trusted security partner to engineering teams, advising on secure design, testing decisions, and risk remediation.
What You'll Do:
- Perform authorized web application and API penetration testing on Sitecore products, focusing on auth/authz, business-logic abuse, IDOR/BOLA, SSRF, XSS and other injection flaws, and multi-tenant isolation failures common in SaaS platforms
- Conduct deep API security testing across REST/GraphQL, including OAuth 2.0 / OIDC flows, JWT handling, audience/scope validation, and permission-model abuse
- Execute agentic / MCP penetration testing, including tool-abuse scenarios, prompt-to-action exploit chains, cross-tool data exfiltration paths, and validation of agent workflows invoking internal services
- Use Burp Suite as the primary manual testing tool for custom attack flows, protocol-level manipulation, and WAF bypass where applicable
- Apply white-box or hybrid testing when needed by reviewing mainly C# / .NET Core source code to identify untrusted data flows (sources, sinks) and then dynamically confirm exploitability through real request execution
- Test cloud-native attack paths in containers / Pods / Kubernetes, including container escape / escape to host and cluster misconfiguration exploitation where relevant
- Produce clear, actionable reports with PoCs, reproducible steps, impact assessment, and concrete remediation guidance, and support teams through fix validation and retesting
What You Need to Succeed:
- 3+ years of hands-on penetration testing experience focused on web applications and APIs (not general security testing)
- One or more offensive security certifications (e.g. OSCP, OSWE, CWEE, GWEB, GWAPT, or equivalent) demonstrating practical exploitation skills
- Strong proficiency with Burp Suite and modern web/API exploitation techniques
- Ability to clearly communicate findings and coach engineering teams on secure fixes and prevention
- Strong analytical mindset and ability to reason about realistic attack paths in cloud-native, multi-tenant systems
Additional Skills That Could Set You Apart:
- Demonstrated offensive track record (bug bounties, CVEs, published research/tools, or strong lab performance such as PortSwigger/HTB)
- Scripting or coding skills for PoCs and automation (Python, C#, PowerShell, JavaScript)
- Experience translating threat models into concrete abuse/attack scenarios and using them to uncover security gaps across components, data flows, and trust boundaries
- Familiarity with CI/CD and engineering workflows (e.g. Azure DevOps) and Secure SDLC practices
Why Sitecore?
At Sitecore, we offer a vibrant work culture, a collaborative environment, and the opportunity to work on products that shape digital experiences globally. We're dedicated to fostering growth, innovation, and a commitment to our employees' professional and personal development. Be part of a visionary, innovation-driven team shaping the next era of AI-powered content management in a leading composable DXP.
Sitecore is proud to be an equal opportunity workplace. We are committed to equal employment opportunity without unlawful regard to race, color, ancestry, religion, gender, national origin, sexual orientation, age, citizenship, marital status, disability, veteran status, or any other locally legally protected characteristic.
Required Experience:
Senior IC
About Company
Sitecore connects content, data, and personalization in one AI-powered platform. Move faster, work smarter, and create experiences that redefine what’s possible.