iCloudEMS - Penetration Tester - Cloud Security

Job Description : Penetration Tester Cloud Security.

Position : Penetration Tester (Cloud).

Department : Cybersecurity / Cloud Security.

Experience : 3 to 6 yrs.

Role Description :

This is a full-time remote role for a Penetration Tester specializing in cloud and cybersecurity at CNV Labs India Pvt. Ltd.

As a Penetration Tester, you will be responsible for identifying vulnerabilities, conducting security assessments, and deploying advanced penetration testing techniques in application security, cloud environments, and networks.

Daily tasks will include evaluating system and application security, reverse engineering malware, performing red teaming exercises, investigating cybersecurity incidents, and providing actionable recommendations to improve the security posture.

We are seeking an experienced Cloud Penetration Tester to assess, exploit, and strengthen the security of our cloud environments (AWS, Azure, GCP).

The role involves simulating real-world cyber-attacks, identifying vulnerabilities, and delivering actionable remediation recommendations.

Key Responsibilities :

- Perform in-depth penetration testing on cloud infrastructures (AWS/Azure/GCP).

- Conduct cloud-specific vulnerability assessments and configuration reviews.

- Simulate cyber-attacks to identify weaknesses in cloud applications, networks, APIs, and IAM configurations.

- Evaluate cloud-native security controls (Security Groups, IAM roles, Key Management, WAF, CloudTrail, etc.

- Test containerized and serverless environments (Docker, Kubernetes, Lambda, Cloud Functions).

- Identify misconfigurations, privilege escalation paths, insecure storage, authentication issues, and API exploits.

- Prepare detailed technical reports and executive summaries with remediation steps.

- Work with DevOps and Cloud teams to improve security posture and ensure secure architecture.

- Assist in threat modeling and secure design of new cloud features/services.

- Stay updated on modern cloud attack tools and techniques (e.g., Pacu, ScoutSuite, Prowler, KubeHound).

Skills & Qualifications :

- Strong understanding of cloud platforms (AWS, Azure, GCP).

- Hands-on experience with cloud penetration testing tools :

1. Pacu

2. ScoutSuite

3. Prowler

4. CloudBrute

5. Burp Suite

6. Metasploit

7. Nmap

- Familiarity with cloud-native security concepts :

i. IAM

ii. VPC

iii. S3

iv. Key Management

v. Containers

vi. Serverless

vii. API Gateway

viii. WAF

ix. CloudTrail

- Knowledge of network, API, and web application security.

- Solid understanding of cloud attack vectors : SSRF, misconfigurations, privilege escalation, credential theft, etc.

- Ability to produce high-quality penetration testing reports.

- Scripting skills (Python, PowerShell, Bash) for automation.

- Certifications preferred : OSCP, OSWE, CEH, CCSP, AWS Security Specialty, Azure Security Engineer.

Preferred Personality Traits :

- Detail-oriented with the ability to think like an attacker.

- Strong communication skills for explaining findings.

- Continuous learner with curiosity about emerging cloud threats.