Penetration Tester

Job Description:
This Penetration Tester will perform comprehensive, end-to-end security assessments across applications, networks, cloud environments, and enterprise infrastructure. They’ll identify vulnerabilities, misconfigurations, and exploitable weaknesses through hands-on testing, threat modeling, exploitation, and post-exploitation activities. The role also includes delivering clear, actionable remediation guidance to both technical and non-technical stakeholders while partnering with engineering teams to strengthen overall security posture.

Requirements:
-3+ years of hands-on penetration testing or offensive security experience, specifically conducting real-world assessments on web applications
-Strong knowledge of web application security – OWASP Top 10, API vulnerabilities, network and infrastructure security – routing, segmentation, privilege escalation, and operating system internals/misconfigurations across Windows and Linux
-Hands on experience with Burpe Suite for daily web application testing and experienced with tools such as Nmap, Metasploit, Nessus, Wireshark, SQLmap, Hydra, BloodHound, or similar tools
-Excellent documentation and client-facing communication skills

Nice to have:
-OSCP, eJPT, CEH, GPEN, HTB CPTS or similar offensive security certifications
-Cloud or DevSecOps certifications
-Scripting ability in Python, PowerShell, or Bash for custom exploitation or automation

Responsibilities:
-Execute comprehensive penetration tests on diverse environments including:
–Web and mobile applications
–Internal and external networks
–APIs and cloud-hosted services (AWS, Azure, GCP)
–Infrastructure components, Active Directory, and enterprise systems
-Perform threat modeling, exploitation, and post-exploitation activities to determine true business impact
-Assess both technical and procedural security controls, validating configurations and identifying weaknesses in authentication, authorization, and data protection
-Develop and maintain custom scripts, payloads, and automation tools to enhance testing depth and efficiency
-Produce detailed technical reports with risk ratings, reproduction steps, and practical mitigation recommendations
-Deliver executive summaries and presentations that translate technical findings into business risk terms
-Collaborate with engineering, development, and security teams to support remediation and retesting efforts
-Stay informed on emerging vulnerabilities, exploits, and security frameworks, integrating new techniques into testing methodologies
-Contribute to the ongoing refinement of internal testing standards, playbooks, and templates