Associate Security Engineer

Brain Station 23 · Dhaka · full time

Salary: Negotiable

Deadline

30 Jun 2026

Overview

Brain Station 23 is one of Bangladesh’s leading software development companies, headquartered in Dhaka, Bangladesh. Founded in 2006 by CEO Raisul Kabir after he graduated from BUET, the company has grown into a global technology organization serving clients in Bangladesh, the USA, the UAE, Malaysia, the UK, and the Netherlands. With more than 800 professionals, Brain Station 23 continues to deliver high-quality software and security solutions to international and local clients.

Brain Station 23 is hiring 2 Associate Security Engineers for an onsite, permanent role in Dhaka. This role is ideal for cybersecurity professionals with strong offensive security expertise and hands-on penetration testing experience. Candidates will work on web applications, RESTful and GraphQL APIs, and optionally mobile applications using black-box, gray-box, and white-box methodologies. Working hours are Monday to Friday, 11:00 AM to 8:00 PM. Candidates should be capable of identifying vulnerabilities beyond automated testing using an attacker mindset.

The selected candidates will support pre-sales activities, perform penetration testing engagements, collaborate with development and DevSecOps teams for remediation, and contribute to internal security research and methodology development. Candidates applying under Type I or Type II pathways must clearly mention their qualifications, certifications, bug bounty achievements, CVEs, or research contributions. Applications must be submitted online before 30 June 2026.

Requirements

  • Bachelor’s degree in Computer Science, Cyber Security, Information Security, or related field preferred.

  • 2–4 years of professional penetration testing experience in web applications, APIs, and preferably mobile platforms.

  • Strong hands-on knowledge of black-box, gray-box, and white-box testing methodologies.

  • Deep understanding of OWASP Top 10, OWASP API Security Top 10, and OWASP Mobile Top 10.

  • Proficiency with Burp Suite Pro, OWASP ZAP, Postman, Frida, MobSF, and Nmap.

  • Scripting skills in Python, Bash, or JavaScript for automation and exploit development.

  • Strong knowledge of networking and web protocols including TCP/IP, DNS, HTTP/HTTPS, and TLS.

  • Ability to prepare professional penetration testing reports with risk ratings and remediation guidance.

  • Strong collaboration skills for working with development and DevSecOps teams.

  • Excellent analytical thinking, adversarial mindset, and continuous learning attitude.

  • Preferred certifications include OSCP, CPTS, CRT, CAPT, CIPT, or CMSE.

  • Age limit: Not specified.

Responsibilities

  • Support pre-sales activities including project scoping, effort estimation, technical proposal preparation, and client consultation.

  • Conduct comprehensive penetration testing for client web applications and identify exploitable vulnerabilities.

  • Perform black-box, gray-box, and white-box security assessments across web, API, and mobile platforms.

  • Identify, exploit, validate, and document security weaknesses based on industry security frameworks.

  • Provide remediation guidance and collaborate with development teams to resolve vulnerabilities.

  • Perform re-testing to validate security fixes and ensure vulnerabilities are fully resolved.

  • Use a creative attacker mindset to discover business logic flaws and advanced attack paths.

  • Research emerging threats, CVEs, and evolving attack techniques to improve internal testing methodologies.

  • Contribute to internal security capability building through playbooks, research, and process improvements.

Benefits

  • Salary: Negotiable

  • Permanent full-time employment

  • Working Hours: Monday to Friday, 11:00 AM – 8:00 PM

  • Opportunity to work with global clients and large-scale security projects

  • Career growth in a leading software and cybersecurity company

  • Collaborative work environment with DevSecOps and engineering teams

  • Exposure to modern offensive security tools and methodologies

How to apply

Click Apply now to open the employer’s application page.