Solar Turbines

Penetration Testing Engineer

Solar Turbines  •  Prague, CZ (Hybrid)  •  19 days ago

Job Description

Career Area:

Technology, Digital and Data

Your Work Shapes the World at Caterpillar Inc.

When you join Caterpillar, you're joining a global team who cares not just about the work we do – but also about each other. We are the makers, problem solvers, and future world builders who are creating stronger, more sustainable communities. We don't just talk about progress and innovation here – we make it happen, with our customers, where we work and live. Together, we are building a better world, so we can all enjoy living in it.

We are seeking a Junior Penetration Tester to support our Cybersecurity Operations function by proactively identifying and validating security weaknesses across our hybrid web application environment. This role focuses on self-hosted and AWS-hosted web applications that support manufacturing business operations, corporate systems, and external-facing services. The ideal candidate has approximately three to five years of hands-on penetration testing experience, with a strong foundation in web application and API security, cloud-hosted architectures, and modern identity integrations using Microsoft Entra ID. You will execute scoped security assessments, safely demonstrate risk, and collaborate with engineering, IT, and security teams to drive measurable risk reduction while respecting uptime and stability requirements.

Job Duties & Responsibilities

Penetration Testing & Security Assessments

  • Conduct manual penetration testing of self-hosted and AWS-hosted web applications, RESTful APIs, and backend services.
  • Test authentication and authorization flows integrated with Microsoft Entra ID (SSO).
  • Perform attack surface discovery including endpoint enumeration and environment exposure analysis.
  • Assess application delivery components such as load balancers, WAFs, reverse proxies, and cloud-native services.

Vulnerability Validation & Exploitation

  • Identify and validate OWASP Top 10 vulnerabilities and API-specific security issues.
  • Evaluate configuration weaknesses including CORS, TLS, headers, and secrets management.
  • Safely demonstrate exploitability and business impact using controlled proof-of-concept techniques.

Identity & Access Testing

  • Assess OAuth2, OIDC, and SAML authentication flows using Microsoft Entra ID.
  • Identify authorization gaps, role misconfigurations, and token handling issues.
  • Review application registration permissions and conditional access enforcement where in scope.

Reporting, Remediation & Collaboration

  • Produce clear, actionable security reports with reproduction steps and remediation guidance.
  • Collaborate with engineering and IT teams to prioritize and remediate findings.
  • Retest remediated vulnerabilities to confirm closure and prevent regression.
  • Support purple-team activities and improve detection and logging coverage.

Required Skills & Qualifications

  • 3-5 years of hands-on penetration testing or application security experience.
  • Strong understanding of HTTP/S, TLS, DNS, authentication, authorization, and session management.
  • Experience testing web applications and REST APIs in self-hosted and AWS environments.
  • Working knowledge of AWS security fundamentals including IAM and network controls.
  • Proficiency with tools such as Burp Suite, Nmap, Wireshark, and vulnerability scanners.
  • Ability to script in Python, Bash, or PowerShell.
  • Strong written and verbal communication skills.

Preferred Skills & Qualifications

  • Deeper experience securing AWS-hosted applications and cloud-native services.
  • Hands-on experience with Microsoft Entra ID SSO integrations and identity security testing.
  • Familiarity with CI/CD pipelines, containerized workloads, and infrastructure-as-code.
  • Exposure to secure SDLC practices and vulnerability management programs.
  • Relevant certifications such as OSCP, PNPT, eJPT, GWAPT, GPEN, or Security+.

What is Solar Turbines offering to you?

  • Excellent professional growth and career opportunities in an international environment of a worldwide leader in a very exciting and growing sector of industry

  • Fair and friendly atmosphere

  • Interesting remuneration package - at Solar we share our achievements with all employees

  • Corporate bonus paid once a year

  • Performance bonus paid twice a year

  • 5 weeks holiday

  • Meal allowance

  • Cafeteria system up to 15000 points per year

  • Multisport card

  • Excellent coffee for free

  • Pension or life insurance up to 24 000 CZ/per year

This position requires a five-days-in-the-office schedule.

Any offer of employment may be conditioned upon the successful completion of a background screening.


This position requires working onsite five days a week. Visa sponsorship is not available for this position.


Caterpillar is an Equal Opportunity Employer. Qualified applicants of any age are encouraged to apply.


About Solar Turbines

Headquartered in San Diego, California, USA, Solar Turbines Incorporated, a subsidiary of Caterpillar Inc., is one of the world’s leading manufacturers of industrial gas turbines, with more than 16,000 units and over 3 billion operating hours in over 100 countries. Products from Solar Turbines play an important role in the development of oil, natural gas and power generation projects around the world. Solar Turbines’ products include gas turbine engines (rated from 1,590 to 52,500 horsepower), gas compressors, and gas turbine-powered compressor sets, mechanical-drive packages and generator sets (ranging from 1 to 39 megawatts). Solar’s customers put the company’s products to work in many areas including production, processing and pipeline transmission of natural gas and crude oil and generation of electricity and thermal energy for processing applications, such as manufacturing chemicals, pharmaceuticals, and food products.

Solar’s foundation is people and Solar’s culture is one where individual contributions are valued, diversity in the workplace is encouraged, and safety is emphasized in all aspects of the business. Solar Turbines, founded in 1927, is comprised of a dedicated and multi-talented workforce of more than 8,000 employees with decades of experience working as a global team.

Industry: Oil, Gas & Mining
Company Size: 5,001-10,000 employees
Headquarters: San Diego, CA
Year Founded: 1927