We need an offensive security specialist who thrives on breaking complex business logic. This role focuses on the "6 Pillars" of our target platform, specifically looking for flaws in multi-tenancy, user privilege escalation, and CMS-specific vulnerabilities. You don't just find bugs; you find the architectural gaps that automated scanners miss.
Key Responsibilities:
Conduct deep-dive manual testing on a Drupal CMS backend and custom employer portals.
Test for Horizontal and Vertical Privilege Escalation across multiple user personas.
Identify IDOR, BOLA, and logic flaws in sensitive areas like salary data and company "Claim" workflows.
Develop robust Proof-of-Concept (PoC) scripts or screenshots for every finding.
Required Skills:
Certifications: OSCP, GPEN, or eCPPT.
Expertise: Deep knowledge of Drupal security, PHP-based exploits, and API security (REST/JWT).
Tools: Expert-level Burp Suite Professional (Autorize, Repeater, Intruder), sqlmap, and Droopescan.
Specialty: Proven track record of testing multi-tenant SaaS environments.