About CyStack

CyStack is a pioneering cybersecurity company based in Vietnam. We specialize in developing innovative security products for both businesses and individuals, including the bug bounty platform WhiteHub, the password manager Locker, and the automated vulnerability scanner CyStack Vulnerability Scanner.

CyStack's award-winning solutions focus on data protection, cyber attack prevention, and security risk management for enterprises. Our exceptional researchers are renowned speakers at top cybersecurity conferences and skilled bug hunters, acknowledged in the Hall of Fame of Global Tech Giants for discovering critical vulnerabilities.

About the team and role

At CyStack, our Security Team plays a vital role in keeping our products, infrastructure, and customers' data safe from cyber threats. As part of the team, you'll help build and maintain strong defenses against hackers and malware.

As a Penetration Tester, you'll be at the forefront of our cybersecurity offerings, conducting comprehensive assessments to identify vulnerabilities in clients' systems, networks, and applications. Your role involves employing advanced techniques to simulate real-world attacks, providing clients with actionable insights to strengthen their security posture.

You will


  • Perform security assessments on web and mobile apps for clients, using both blackbox and greybox methods as per checklists provided.
  • Thoroughly document and report any security flaws found in each project, ensuring clarity and completeness.
  • Reevaluate and confirm resolved security issues after the client's remediation efforts to ensure they've been effectively addressed.
  • Provide tailored recommendations to clients, guiding them on the best practices for enhancing their cybersecurity posture and protecting their assets.

Research & Development (R&D)

  • Share foundational security insights (news, tips, straightforward techniques, etc.) with the CyStack community through articles.
  • Engage in designated cybersecurity competitions like Capture The Flag (CTF) and hackathon contests.
  • Explore and experiment with novel security techniques, contributing to our collective understanding of emerging threats and defenses.

You may be a suitable candidate for this role if you


  • Have a deep understanding of web-related protocols such as HTTP.
  • Demonstrated proficiency in server-side, client-side, and advanced security vulnerabilities.
  • Familiarity with the OWASP Web Security Testing Guide (WSTG) stable version and the latest OWASP Top 10.
  • Possess basic security knowledge of Windows and Linux operating systems.


  • Intermediate-level programming proficiency in at least one language such as Python, Node.js, Go, or Rust.
  • Competence in utilizing various shells in Windows and Linux, with familiarity and ease of use with Windows Subsystem for Linux (WSL).
  • Ability to comprehend and effectively utilize technical documentation.
  • Conduct thorough reconnaissance on specified targets, encompassing subdomain scanning, port scanning, technology stack enumeration, and associated application mapping.
  • Identify and assess published vulnerabilities in third-party software utilized by test targets.
  • Analyze web and API application vulnerabilities spanning categories like Configuration, Authentication, Authorization, Input Validation, Business Logic, and Client-side.
  • Actively seek out and evaluate new testing tools and methodologies.
  • Proficient in setting up mobile application testing environments.


  • Proficient in Integrated Development Environments (IDEs) like PyCharm and IntelliJ, as well as tools such as Burp Suite, Wireshark, and various shells including Command Prompt, PowerShell, and bash. Also adept with Windows Subsystem for Linux (WSL) and reconnaissance utilities such as Google, subfinder, nmap, and Wappalyzer.
  • Familiarity with automated vulnerability scanning platforms such as Acunetix, Greenbone OpenVAS, Nessus, and nuclei, along with specific vulnerability scanners like Metasploit Framework, SQLmap, John the Ripper, and Hashcat.
  • Experienced in configuring mobile application testing environments using tools such as Genymotion and Android Studio.


  • Comprehensive training and development opportunities in a professional and rigorous software development and cybersecurity research environment.
  • Direct involvement in the development of software products used by thousands of users, giving you hands-on experience and exposure to real-world scenarios.
  • Participation in extracurricular activities of CyStack, including networking events, hackathons, and team-building activities.

How to apply

We recruit for all of our vacancies on a rolling basis, so we strongly suggest you apply as early as possible.

We look forward to receiving your CV/Resume, which should include the following information:

  • Name
  • Education and work experience
  • Vulnerability findings
  • Achievements, awards, certificates
  • A portfolio of any relevant work (in English)
  • A link to your LinkedIn profile (if any)

Please send your CV/Resume to hr@cystack.net with the title [Job application] Penetration Tester - Your full name


For more information contact: Mr. Thanh – HR Management. Tel: +84 832 447 899