Posted on: 31/07/2025
Job Summary :
We are seeking a skilled and proactive Penetration Tester to identify, exploit, and report vulnerabilities in our applications, networks, and infrastructure. The ideal candidate will be experienced in offensive security techniques and have a deep understanding of cybersecurity principles, attack vectors, and industry-standard testing methodologies. You will play a crucial role in strengthening our security posture and ensuring compliance with internal and external security standards.
Key Responsibilities :
- Conduct black-box, white-box, and grey-box penetration testing of web applications, APIs, networks, cloud infrastructure, and mobile apps.
- Simulate real-world cyberattacks to identify security weaknesses in systems and recommend effective mitigations.
- Perform vulnerability assessments using tools like Nessus, Burp Suite, Nmap, and custom scripts.
- Document findings in detailed technical reports and present risk assessments and remediation steps to stakeholders.
- Collaborate with development, DevOps, and IT teams to remediate identified vulnerabilities.
- Develop and maintain custom scripts and tools for internal testing needs.
- Keep up to date with the latest vulnerabilities, attack techniques, and threat intelligence.
- Conduct red teaming, social engineering, and phishing simulation campaigns when needed.
- Assist in the development of security policies, hardening guides, and best practices.
Required Skills & Qualifications :
- Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
- Proven experience in penetration testing and ethical hacking.
- Strong understanding of OWASP Top 10, MITRE ATT&CK, and CVSS scoring systems.
- Proficiency with tools such as Burp Suite, Metasploit, Nmap, Nikto, SQLmap, Kali Linux, Wireshark, and others.
- Good knowledge of scripting languages (Python, Bash, or PowerShell) for automation and tool development.
- Experience in testing cloud environments (AWS, Azure, GCP) and containerized applications (Docker, Kubernetes).
- Familiarity with network protocols, firewalls, IDS/IPS systems, and Active Directory security.
- Strong analytical and problem-solving skills with attention to detail.
- Excellent communication and documentation skills.
Preferred Certifications (not mandatory) :
- OSCP (Offensive Security Certified Professional)
- CEH (Certified Ethical Hacker)
- GPEN (GIAC Penetration Tester)
- CPT (Certified Penetration Tester)
- CREST certification
Nice to Have :
- Experience with DevSecOps integration or CI/CD pipeline security.
- Familiarity with bug bounty platforms (e.g., HackerOne, Bugcrowd).
- Prior work in security consulting or client-facing roles.
- Knowledge of secure coding practices.
Posted in: CyberSecurity
Functional Area: IT Security
Job Code: 1521975