We are seeking an elite Penetration Tester to join our elite security team. You will be a relentless hunter, identifying and exploiting critical vulnerabilities across our complex technological landscape. In this role, you’ll be responsible for securing clients web applications, APIs, networks, infrastructure, Active Directory, and cloud environments. You will be a trusted advisor, working collaboratively to remediate vulnerabilities and continuously improve various client’s security posture.

Responsibilities:

Design, execute, and document comprehensive penetration testing engagements encompassing:

Web applications: Leverage advanced techniques to uncover critical vulnerabilities (SQL injection, XSS, CSRF, RCE) and assess their exploitability.

APIs: Utilize various tools and methodologies to identify security misconfigurations, broken authentication, and authorization flaws in APIs.

Networks and Infrastructure: Conduct in-depth network assessments to discover weaknesses in network segmentation, firewalls, and network devices. Employ pivoting, escalation of privileges, and lateral movement techniques to compromise systems.

Active Directory: Assess the security posture of Active Directory, focusing on misconfigurations, insecure password policies, and privileged account controls.

Cloud Environments: Perform cloud security assessments on platforms like AWS, Azure, or GCP, identifying insecure configurations, storage vulnerabilities, and potential access control issues.

Exploit discovered vulnerabilities using advanced tools and techniques to demonstrate real-world impact.

Create detailed penetration testing reports that clearly document findings, risks, proof-of-concepts, and recommended remediation strategies.

Proactively stay ahead of the evolving threat landscape by researching emerging vulnerabilities, exploits, and offensive security tools.

Collaborate effectively with development, IT, and security teams to prioritize vulnerabilities, remediate issues, and enhance security controls.

Maintain an unwavering commitment to ethical hacking principles and best practices.

Requirements:

Minimum of 2+ years of experience in penetration testing or a related security field, with a proven track record of success in identifying and exploiting high-impact vulnerabilities.

In-depth understanding of penetration testing methodologies (e.g., OWASP methodologies, PTES) and a vast toolkit of industry-standard penetration testing tools (Burp Suite, Metasploit, Nessus, etc.).

Extensive experience in scripting languages (Python, Bash, PowerShell) for automating tasks and developing custom exploits.Solid understanding of cloud security concepts and experience in securing cloud environments (AWS, Azure, GCP).

Expertise in Active Directory security, including identification and exploitation of misconfigurations and privilege escalation techniques.Experience in API security testing methodologies and tools.

Exceptional written and verbal communication skills with the ability to clearly articulate complex technical findings to both technical and non-technical audiences.

A passion for security and a relentless drive to push the boundaries of offensive security

Preferred Qualifications:

Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related field.2nd class Upper or better

Proven experience in social engineering techniques.

Certifications such as eJPT, CEH, CPENT, OSCP, OSCE, GCIH, GWAPT,CISSP and any cloud related certification.

Experience in mobile application security testing.

Experience in container security (Docker, Kubernetes).