Experienced Penetration Tester, Software Point, Espoo

About the role

Software Point is a leading provider of Laboratory Information Management Systems (LIMS) in Northern Europe. The company has delivered innovative LIMS and biobank solutions to over 500 laboratories across public and private sectors in various industries, including healthcare, pharmaceuticals, biotechnology, energy, environment, food, forestry, packaging, steel, and chemicals. Our Finnish R&D team is part of LabVantage’s global R&D organization, and we develop products for worldwide distribution – for example, LabVantage Express and LabVantage Connect originated from Software Point.

In this role, you will be part of a global security team, working to strengthen the security of products and infrastructure through penetration testing and threat modeling. As a penetration tester, you will play a key role in simulating real-world attack scenarios and assessing vulnerabilities in systems, applications, APIs, and cloud environments. The work includes black-, white-, and grey-box testing, and you will produce clear reports and remediation recommendations for both technical and non-technical stakeholders. You will also participate in red/blue team exercises, social engineering testing, Java and JavaScript code audits, and security architecture evaluations. Additionally, you will develop attack tools, engage in purple team exercises, and support clients and internal teams in interpreting security testing results.

This position offers the opportunity to work in an international environment that combines technical depth, impact, and continuous development. The work is done in a hybrid model from the Espoo office, and Software Point provides modern tools and strong support for professional growth.

You are offered

• Extensive occupational health services from Mehiläinen (including therapy and dental care)
• Comprehensive leisure-time insurance
• Smartum sports and culture benefit (€400)
• HSL commuting benefit (€300/year)
• Gym and saunas at the office
• Free use of a Neurosonic recovery and massage divan at the office
• Office breakfast on Wednesdays

Work tasks

Penetration testing across web applications, APIs, networks, cloud, and SaaS environments. Source code reviews in Java and Javascript. Evaluating and tuning offensive security tools.

• Conduct penetration tests (web, API, network, cloud, SaaS)
• Perform red/blue team exercises and simulated attacks
• Review and audit Java/JavaScript code
• Participate in threat modeling and security architecture development
• Document findings and present remediation suggestions to stakeholders
• Develop and maintain attack tools and testing standards
• Support clients and development teams with security-related issues

We are looking for

• Minimum 5 years of experience in cybersecurity, with 2–3+ years in penetration testing
• OSCP certification; others like OSEP, OSWE, CRTP are a plus
• Experience with attack tools (e.g., Burp Suite, Metasploit, Nmap, Wireshark)
• Familiarity with cloud platforms (AWS, Azure, GCP) and CNAPP tools
• Scripting skills (Python, Bash, PowerShell)
• Experience with CI/CD environments and DevSecOps mindset
• Good understanding of OWASP Top 10 vulnerabilities and industry standards (ISO 27001, NIST)
• Fluent in English; Finnish language B1-level (or higher) preferred

Our recruitment process

This recruitment process is handled by Academic Work and it is our client’s wish that all questions regarding the position is directed to Academic Work.

Our selection process is continuous and the advert may close before the recruitment process is completed if we have moved forward to the next phase. The process includes two tests: one personality test and one cognitive test. The tests are tools to find the right talent for the right position, to enable equality, diversity, and a fair process.