Software Secured is a leading Penetration Testing as a Service company, with a head office in beautiful Ottawa, Canada. We help software development teams get ahead of hackers using a suite of services and products.

Our team of pentesters is seeking a pentester to join us and help secure a few hundred additional applications.

As a Pentester at Software Secured, you will have the opportunity to help our clients secure their mission-critical applications. This includes performing security code review and web, mobile, and network security tests, as well as helping clients with security design reviews, threat modelling, and remediation strategies.

What You'll Do

  • Run manual penetration tests across web applications, APIs, mobile apps, and network infrastructure — from scoping through testing, reporting, client readout, and retest
  • Produce findings that are manually confirmed and exploitable, with remediation guidance a developer can act on without a follow-up call
  • Handle nuanced test cases beyond the standard checklist: business logic flaws, authorization edge cases, vulnerability chaining, and environment-specific attack paths
  • Present findings directly to client engineering teams and security leads — explaining what was found, why it matters, and how to fix it
  • Contribute to security design reviews and threat modelling engagements earlier in the SDLC
  • Mentor junior testers on test execution and report quality; contribute to methodology improvements, tooling, and internal playbooks
  • Develop domain depth in one or more service areas (web, network, mobile, code review) through our Domain Expertise Program — with formal recognition and stipend for engineers who build expertise that makes the whole team stronger

What We're Looking For

  • 2+ years of hands-on manual penetration testing — not scanner-assisted, manual
  • Demonstrated ability to run standard engagements end-to-end with minimal oversight: scope, test, report, readout, retest
  • Finds that go beyond OWASP Top 10 basics — business logic issues, complex auth flaws, chained vulnerabilities
  • Reports that are client-ready with low rework: technically accurate, clearly written, correctly risk-rated
  • Software development background in one or more of Python, .NET, Ruby, or Java — you understand how the thing was built, not just how to break it
  • Strong communication skills in both directions: writing that doesn't require a translator and calls where you can hold your own in front of an engineering team
  • Located in Canada and eligible to work (citizen, permanent resident, or valid work visa)

Nice to Have

  • OSCP, OSCP+, or GWAPT
  • Experience across multiple service areas (web + mobile, or web + network)
  • Familiarity with compliance frameworks that drive our clients' security programs: SOC 2, ISO 27001, PCI DSS, HIPAA

What we are offering:

🤑 Competitive base salary

🍁 Work remotely anywhere in Canada (you're welcome to work in the Ottawa office whenever you'd like).

🌍 Work remotely from anywhere in the world for up to 2 months per year.

💰 Yearly profit-sharing of between 5% and 12% of your base salary, based on your performance.

💸 Perks such as: monthly UberEats budget, annual home office stipend.

🌴 3 weeks of vacation to start. Additionally, the whole company is off for the week between Christmas and the New Year.

🍼 Parental, bereavement and child loss leave.

🏥 You will receive a great health benefits package (includes dental, vision, practitioners, etc.).