Expert Penetration Tester

Job ID: 5010

Welcome to Group Technology, where we pride ourselves on engineering solutions and direct Nordea’s transformation by providing a holistic technological view and structured understanding of the bank, and its surrounding environment to enable the Customer Vision and the Business Strategy.

We are looking for a Expert Security Penetration Tester to join our Cyber Security area and support security penetration testing across critical banking systems, applications, infrastructure, and cloud environments.

Nordea is a place where traditions meet tomorrow. We're not just a bank, we're a tech employer on a mission to evolve finance securely and responsibly. Together, we impact millions of people’s daily lives by ensuring they can access our solutions anytime, anywhere, while safeguarding their personal data and wealth. Join us in making an impact on the banking industry.

About our team

Meet the Internal Security Testing team. Our role is to add value by de-risking the bank and early detecting security issues in the IT infrastructure and applications. As an Expert Security PenTester, you'll play a valuable role in Security Testing process. The role is based in Gdańsk or Warsaw.

Main responsibilities in this role: 

• Lead penetration tests of web applications, APIs, infrastructure, and cloud-based solutions used across the bank.
• Perform in-depth vulnerability assessments, exploit validation, and security reviews with a risk-based mindset.
• Prepare high-quality security testing reports and present technical findings to both technical and non-technical stakeholders.
• Support the development of testing methods, tools and team knowledge.

Who you are

This is the right role for you if you are curious, take ownership of your work, combine a strong technical mindset with sound judgment, and are comfortable working independently as well as with cross-functional teams.

Your background and skills include:

• 5+ years of hands-on experience in penetration testing, red teaming.
• Strong knowledge of penetration testing tools such as Burp Suite, Metasploit, Nmap, Wireshark and BloodHound. 
• Good understanding of  Windows and Linux operating systems, including scripting in PowerShell and Bash. 
• Solid knowledge of networking concepts.
• Familiarity with industry standards and frameworks such as OWASP Top 10 and  MITRE ATT&CK.
• Specialization in at least two of the following areas: Web application security, AI based penetration testing, Infrastructure penetration testing, Cloud security assessments, Reverse engineering, Secure code review.
• Ability to explain complex technical issues in a clear and practical way. 

It would be ideal if you also:

• Working knowledge of software development concepts and the ability to read code written in common programming languages such as Java, Python, C, or C#. 
• Relevant security certifications such as OSCP, OSWE, OSEP, OSED, GPEN, GXPN, WAPT, WAPTX, Security+, MASPT, CEH, or CRTP/CRTE will be considered an advantage.
• Track record of meaningful research achievements such as CVEs, bug bounty recognitions, or public security contributions is a strong advantage.

What we offer

Collaboration. Ownership. Passion. Courage. These are the values that guide us in how we work and how we make decisions – and that we imagine you share with us.

People are driven by many different factors. For some, it’s to take their career to the next level. For others, it’s to break new ground within their area of expertise – in other words, with us, you will always move forward.

A culture that fosters performance and growth in one of the largest Nordic banks, offering various opportunities to evolve, develop and learn from brilliant colleagues with diverse backgrounds in a vibrant working environment.

Hybrid working model – we believe in the value of bringing people together and at the same time we embrace the freedom of flexibility.

Diversity and inclusion are a natural part of our daily work. We know that an inclusive workplace is a sustainable one. We genuinely believe that our diverse backgrounds, experiences, characteristics and traits make us stronger together. Every day we strive to find new ways to improve diversity and inclusion within our community e.g. we have signed the European Diversity Charters in the countries where we operate to show our commitment and engage with others to continue learning and improving.

If this sounds like you, get in touch!

Next steps

​Submit your application no later than 03/08/2026.

The recruitment process consists of the following steps:

• Preliminary CV selection
• Phone conversation with the recruiter
• Online interview with the hiring leader
• Practical exercises on lab environment 
• Background check

We enable dreams and aspirations for a greater good.

We build relationships. We add a personal touch to everything we do – when advising our customers, collaborating with colleagues, and meeting our potential candidates.

We learn and develop. We take pride in being experts and thinking ahead. We use our expertise to meet our customers’ needs, from the simplest to the most complex. We bring a growth mindset to our work that enables us to focus on a broader perspective in our daily challenges.

We lead change. We are responsible and aware of the impact of our decisions, both for our customers and for our local and global communities. Mindful of our responsibility towards current and future generations, we have made sustainability an integrated part of our business strategy.

We are Nordea. We have a 200-year history of supporting and growing the Nordic economies and our values are deeply rooted in these open, progressive and collaborative societies. As one of the biggest employers in the Nordics, Poland and Estonia, you have excellent opportunities to evolve, develop and move forward with us. Studies show that members of underrepresented communities don’t apply for jobs unless they tick all the qualification boxes. If this is part of why you hesitate to apply, we would like you to reconsider and give it a chance. Maybe your profile fits our needs much better than you think.

Please include permit for processing personal data in CV as following:

In accordance with art. 6 (1) a and b. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter ‘GDPR’. I agree to have: my personal data, education and employment history proceeded for the purposes of current and future recruitment processes in Nordea Bank Abp.

The administrator of your personal data is: Nordea Bank Abp operating in Poland through its Branch, address: Aleja Edwarda Rydza Śmiglego 20, 93-281 Łodź. Your personal data will be processed for the recruitment processes in Nordea Bank Abp. You have a right to access your personal data, right to rectify and right to delete. Disclosing the personal data in the scope specified by the provisions of Polish Labour Code from 26 June 1974 and executive acts are mandatory. Providing personal data is necessary to conduct the recruitment processes. The request for the deletion of your personal data means resignation from further participation in recruitment processes and causes the immediate removal of your application. Detailed information concerning processing of your personal data can be found at: https://www.nordea.com/en/doc/nordea-privacy-policy-for-applicants.pdf

We reserve the right to reply only to selected applications.