We are looking for a Penetration Tester to assess and strengthen our organization's security by identifying, exploiting, and documenting vulnerabilities in web applications, networks, mobile applications, cloud environments, and APIs. The ideal candidate will have a strong technical background in ethical hacking, vulnerability assessments, and security testing methodologies.
As a Penetration Tester, you will conduct simulated attacks to uncover security flaws, provide actionable remediation guidance, and work closely with development, IT, and security teams to improve overall cybersecurity posture.
Responsibilities:
Penetration Testing & Vulnerability Assessment
Conduct penetration tests on web applications (such as GoLang, React, NodeJS, .Net), networks, mobile applications, APIs, and cloud environments.
Perform black-box, gray-box, and white-box testing based on project requirements.
Identify and exploit security vulnerabilities such as Injections, XSS, XSRF, RCE, SSRF, and privilege escalation.
Simulate real-world cyberattacks to assess an organization's security defenses.
Work with Blue Teams, SOC, and DevSecOps to improve security detection and response.
Security Research & Exploit Development
Research and test new attack techniques, exploit development, and bypass methods.
Develop custom scripts and automation to assist in penetration testing (Python, Bash, PowerShell).
Keep up with the latest security threats, vulnerabilities, and exploits (ExploitDB, CVE databases, MITRE ATT&CK).
Reporting & Remediation
Document findings, risks, and mitigation recommendations in professional penetration test reports.
Provide proof-of-concept (PoC) exploits and demonstrate security issues to stakeholders.
Work with developers and IT teams to remediate vulnerabilities and improve security controls.
Security Tooling & Automation
Utilize and configure penetration testing tools, including:
Burp Suite, OWASP ZAP, OWASP Nettacker, Nuclei, Nessus, OpenVAS, SQLMap, Frida
Metasploit, Nmap, Cobalt Strike, Wireshark, TCPDump
Focus on the relevant tools and techniques within Kali Linux.
Automate security testing and integrate security tools into DevSecOps CI/CD pipelines.
Security Compliance & Best Practices
Ensure compliance with security standards (OWASP, NIST, PCI-DSS, ISO 27001).
Help organizations achieve and maintain security certifications.
Provide guidance on secure coding practices to development teams.
Security Awareness & Training
Conduct security awareness training and workshops for developers and staff.
Assist in Red Team exercises and adversary simulation engagements.
Required Skills & Qualifications:
Technical Skills
✔ Strong understanding of penetration testing methodologies (PTES, MITRE ATT&CK, OWASP Top 10).
✔ Hands-on experience with vulnerability assessment and exploitation.
✔ Deep knowledge of web application security, API security, network security, and mobile security.
✔ Familiarity with exploit development and scripting (Python, Bash, PowerShell, Frida).
✔ Identify and exploit vulnerabilities related to authentication, authorization, and access control, including those within FreeIPA and LDAP environments.
✔ Proficiency in mobile app testing tools (e.g., Frida, MobSF, Apktool, ADB, JADX).
Soft Skills & Experience
✔ 4+ years of experience in penetration testing, ethical hacking, or offensive security.
✔ Ability to work in fast-paced environments and handle multiple security assessments.
✔ Excellent analytical and problem-solving skills for breaking into systems.
✔ Strong communication and report-writing skills for documenting security findings.