Overview
We are looking for a Penetration Tester with 2–5 years of hands-on experience performing end-to-end security assessments across a variety of technologies and environments. The role involves conducting comprehensive evaluations of applications, networks, and infrastructure, identifying exploitable weaknesses, and delivering clear, actionable remediation guidance to stakeholders at all levels.
Key Responsibilities
- Execute comprehensive penetration tests on diverse environments including:
  - Web and mobile applications
  - Internal and external networks
  - APIs and cloud-hosted services (AWS, Azure, GCP)
  - Infrastructure components, Active Directory, and enterprise systems
- Perform threat modeling, exploitation, and post-exploitation activities to determine true business impact.
- Assess both technical and procedural security controls, validating configurations and identifying weaknesses in authentication, authorization, and data protection.
- Develop and maintain custom scripts, payloads, and automation tools to enhance testing depth and efficiency.
- Produce detailed technical reports with risk ratings, reproduction steps, and practical mitigation recommendations.
- Deliver executive summaries and presentations that translate technical findings into business risk terms.
- Collaborate with engineering, development, and security teams to support remediation and retesting efforts.
- Stay informed on emerging vulnerabilities, exploits, and security frameworks, integrating new techniques into testing methodologies.
- Contribute to the ongoing refinement of internal testing standards, playbooks, and templates.
Required Qualifications
- 2–5 years of professional experience in penetration testing, offensive security, or vulnerability research.
- Strong knowledge of:
  - Web application security (OWASP Top 10, API vulnerabilities)
  - Network and infrastructure security, including routing, segmentation, and privilege escalation
  - Operating system internals (Windows, Linux) and common misconfigurations
- Proficiency with leading tools such as:
  - Burp Suite, Nmap, Metasploit, Nessus, Wireshark, SQLmap, Hydra, BloodHound, or equivalent frameworks
- Scripting ability in Python, PowerShell, or Bash for custom exploitation or automation.
- Familiarity with cloud security testing (AWS IAM, Azure AD, containerized workloads).
- Excellent documentation and client-facing communication skills.
Preferred Certifications
- OSCP, eJPT, CEH, GPEN, HTB CPTS or similar offensive security certifications
- Cloud or DevSecOps certifications (e.g., AWS Security Specialty, AZ-500) are advantageous
Core Competencies
- Analytical and detail-driven with a strong understanding of risk prioritization
- Skilled at translating technical findings into business impact
- Adaptable and resourceful across varying technologies and environments
- Committed to continuous learning and professional development in cybersecurity