Senior Penetration Tester

We are looking for a Senior Penetration Tester to assess and analyze the security posture of organizations by simulating cyber-attacks and identifying potential vulnerabilities. The successful candidate will be responsible for conducting penetration testing, vulnerability assessments, and security audits to ensure the confidentiality, integrity, and availability of our customers and data.

Responsibilities

• Conduct comprehensive penetration tests on applications, networks, and systems to identify vulnerabilities and weaknesses.
• Develop and execute penetration testing methodologies and strategies to assess the security controls of our organization.
• Prepare detailed reports outlining findings, recommendations, and remediation strategies to address identified security issues.
• Stay updated on the latest security trends, vulnerabilities, and hacking techniques to proactively protect against potential cyber threats.
• Recognize and safely utilize attacker tools, tactics, and procedures.

• Ability to manage and balance own time among multiple tasks, and lead junior staff when required.
• Excellent analytical and problem-solving skills.
• Effective communication skills with the ability to explain technical concepts to non-technical stakeholders.
• Strong problem-solving skills and the ability to think outside the box.
• Job requires frequent travel abroad.

• Must have experience in pen testing and/or red teaming engagements, not just bug bounty and CTF.
• Advanced knowledge of penetration testing methodologies.
• In-depth understanding of network protocols and systems.
• Proficiency in using penetration testing tools such as Metasploit, Nmap, and Burp Suite
• Strong knowledge of security frameworks and standards (e.g., OWASP, NIST)
• Experience in conducting application security assessments and vulnerability assessments.
• Ability to analyze and report on security findings in a clear and concise manner.
• Expertise in social engineering techniques and physical security assessments.
• Relevant certifications such as CEH, OSCP, or CISSP would be a plus.
• At least 3 years combined experience in Mobile Application penetration testing and the at least 2 of the following: Web application penetration testing Network/infrastructure penetration testing OT/ICS penetration testing Source code review for control flow and security flaws.
• Previous experience in at least 2 of the following: Shell scripting or automation of simple tasks.
• Developing, extending, or modifying exploits, shellcode or exploit tools.
• Application development (web/mobile)Malware reverse engineering.
• Vulnerability assessment / Security assessment tools Cloud / Systems administration

• Red Teaming Engagements

Bachelor's degree in Computer Science, Software Engineering, or a related field.