The Information Systems Agency of Armenia (ISAA) is supporting the creation of the Armenian e-society. In collaboration with the Government and the Central Bank of Armenia, our mission is to implement key standards for how public services and digital projects should be delivered. Our guiding standard is the “Digital Architecture of Armenia,” a Government-approved approach that places interoperability, security, and high-quality service delivery as its core pillars.
Our team consists of technology and policy-making specialists from various sectors. We work transparently, engaging both public and private sectors, to help Armenia realize its goal of becoming a truly electronic society.

You are a security-focused professional with a strong understanding of web technologies and deep knowledge of web security principles. You are comfortable performing both manual and automated penetration testing and can skillfully identify and exploit vulnerabilities such as XSS, SQLi, CSRF, SSRF, IDOR, RCE, and authentication/authorization bypass issues.
You excel at analyzing complex systems, reproducing issues, and clearly communicating risk and remediation steps to technical and non-technical stakeholders alike. Your attention to detail, problem-solving mindset, and ability to work independently make you effective in agile and fast-paced environments.
In addition to your technical strengths, you stay up to date on emerging threats, tools, and best practices. You may also bring experience in secure code review, DevSecOps processes, and continuous security testing initiatives.

• Perform manual and automated penetration testing on web applications, APIs, and related components.
• Identify vulnerabilities such as OWASP Top 10 issues, business logic flaws, misconfigurations, and insecure coding practices.
• Conduct threat modeling, attack surface analysis, and risk assessments for new and existing applications.
• Perform manual exploitation to validate findings and assess impact.
• Produce detailed, high-quality reports outlining findings, risk ratings, impact, and actionable remediation recommendations.
• Collaborate with developers to explain vulnerabilities, provide mitigation strategies, and verify fixes.
• Stay updated with the latest security threats, tools, and best practices in application security.
• Assist with secure code reviews, DevSecOps integration, and continuous security testing initiatives.

• Solid understanding of web technologies.
• Strong knowledge of the TCP/IP protocol stack.
• Strong knowledge of web security principles and common vulnerabilities.
• Practical experience using penetration testing tools such as Burp Suite Pro.
• Ability to manually test and exploit vulnerabilities such as XSS, SQLi, CSRF, SSRF, IDOR, RCE, authentication/authorization bypass, etc.
• Proficiency in writing clear and concise technical documentation.
• Strong analytical, communication, and problem-solving skills.
• Bachelor’s degree in Computer Science, Cybersecurity, or a related field (optional but preferred).
• Certifications such as OSWA, HTB CWES, Burp Suite Certified Practitioner, or similar.
• Knowledge of DevSecOps, SAST/DAST tools, and security monitoring platforms.
• Strong attention to detail and ability to work independently and prioritize tasks.
• Strong communication skills, especially when translating technical issues for non-technical teams.
• Ability to work in fast-paced, agile environments.

Please send your CV to hr@isaa.am, ensuring you mention the position name Penetration Tester in the subject line of the email.