Penetration Tester

About the Role

The role of a Penetration Tester at Genesys is highly specialized, requiring a deep understanding of web and API security fundamentals, as well as experience with cloud-native systems and modern UI/API-driven flows. You will work closely with engineers to deliver actionable remediation guidance, produce high-quality reports, and operate effectively in a distributed, collaborative team environment.

Genesys Cloud is a cloud-native, multi-tenant SaaS platform built on AWS, with modern web experiences, extensive APIs, and rapidly growing AI capabilities. As a Penetration Tester, you will have the opportunity to work with cutting-edge technologies and contribute to securing AI-enabled features, ensuring they respect tenant boundaries and authorization controls.

What You Will Do

• Perform manual penetration testing across web applications, APIs, and infrastructure to identify vulnerabilities and weaknesses.
• Assess authentication and authorization mechanisms, including auth flaws, injection, and business logic risks.
• Develop clear proof-of-concepts to validate findings and retest fixes to ensure remediation is effective.
• Improve testing playbooks, tooling, and repeatable practices to enhance the overall security posture of Genesys Cloud.
• Own the day-to-day management of the bug bounty program, including scope, policies, rewards, and researcher engagement.
• Triage submissions, validate impact, align severity, and track remediation to ensure timely and effective resolution of vulnerabilities.
• Partner with engineering to route and resolve findings, maintaining high-quality communication with external researchers.
• Evaluate attack paths in a multi-tenant AWS environment, understanding architecture, trust boundaries, and service interactions.
• Identify weaknesses in API usage, input handling, and access controls, contributing to security reviews with an attacker mindset.
• Use AI-assisted workflows to enhance testing and analysis, assessing AI-enabled features for risks like prompt injection, data leakage, and misuse.
• Collaborate with engineers to deliver actionable remediation guidance, producing clear, high-quality reports and operating effectively in a distributed team.

What We Are Looking For

• At least 3+ years of experience in penetration testing, application/product security, or a similar field.
• Strong hands-on experience testing web applications and APIs, with a solid understanding of common vulnerabilities.
• Proficiency with tools like Burp Suite, dev tools, and scripting languages.
• Knowledge of authentication mechanisms, including cookies, tokens, OAuth, and sessions.
• Familiarity with cloud-native systems and AWS fundamentals.
• Strong communication and problem-solving skills, with the ability to work independently and own testing and bug bounty workflows.
• Experience with SaaS or large-scale customer-facing platforms is a plus.
• Understanding of modern front-end architectures and API security testing at scale is desirable.
• Basic coding/scripting skills in languages like Python, JS/TS, or Java are beneficial.

Nice to Have

• Experience with AI/LLM security risks and the ability to assess AI-enabled features for potential vulnerabilities.
• Knowledge of microservices, event-driven systems, and CI/CD pipelines.
• Familiarity with emerging technologies and trends in cybersecurity, such as cloud security and DevSecOps.
• Participation in bug bounty programs or experience with vulnerability disclosure policies.

Benefits and Perks

• Competitive compensation package, including a salary and benefits.
• Opportunity to work with a leading company in customer experience solutions.
• Collaborative and dynamic work environment with a team of experienced professionals.
• Professional development and growth opportunities, including training and education programs.
• Flexible work arrangements, including remote work options and a stipend for home office setup.
• Access to cutting-edge technologies and tools, including AI-assisted workflows and cloud-native systems.
• Recognition and reward programs for outstanding performance and contributions.
• Comprehensive health and wellness programs, including medical, dental, and vision insurance.

• To stand out as a candidate, highlight your experience with cloud-native systems, AI-assisted workflows, and modern UI/API-driven flows.
• Ensure your portfolio includes examples of previous penetration testing work, including proof-of-concepts and remediation guidance.
• Familiarize yourself with Genesys Cloud's technology stack and be prepared to discuss your experience with similar platforms.
• During the interview, be ready to walk through your approach to manual penetration testing and how you stay up-to-date with the latest security threats and trends.
• When discussing salary, be prepared to provide examples of your previous compensation packages and any relevant industry standards.
• Pay close attention to the company culture and values during the interview process, and be prepared to ask questions about the team's dynamics and collaboration style.