Penetration Tester

Job Summary:

We are looking for an experienced Senior Penetration Tester with 7+ years of expertise in Web Application, Network/Infrastructure, Mobile, and Cloud Penetration Testing. The ideal candidate will be responsible for conducting in-depth security assessments, identifying vulnerabilities, and providing actionable security recommendations to enhance the organizations security posture.

Key Responsibilities:

• Conduct manual and automated penetration testing across web applications, mobile applications, networks, and cloud environments (AWS, Azure, GCP).
• Perform infrastructure and network penetration testing, including internal and external network security assessments.
• Identify, exploit, and document security vulnerabilities and misconfigurations following industry-standard methodologies (e.g., OWASP, NIST, MITRE ATT&CK, CIS benchmarks).
• Execute mobile security testing for Android & iOS applications, including reverse engineering, API testing, and static/dynamic analysis.
• Assess cloud environments (AWS, Azure, GCP) for misconfigurations, IAM vulnerabilities, privilege escalations, and container security flaws.
• Develop custom scripts/tools to automate security assessments where applicable.
• Prepare detailed vulnerability assessment reports with mitigation recommendations and work closely with development and infrastructure teams to remediate findings.
• Conduct red teaming and adversary simulation exercises to assess security defenses.
• Stay updated with the latest security threats, exploits, and emerging technologies in penetration testing and ethical hacking.
• Mentor junior team members and contribute to internal security research initiatives.

Required Skills & Qualifications:

• 7+ years of hands-on experience in penetration testing across web, mobile, network/infrastructure, and cloud security domains.
• Strong understanding of web application security concepts (SQL Injection, XSS, CSRF, SSRF, IDOR, etc.) and experience with OWASP Top 10 and SANS 25 vulnerabilities.
• Proficiency in network penetration testing (internal & external), including firewalls, IDS/IPS bypassing, and exploiting network misconfigurations.
• Hands-on experience with mobile application security testing using tools such as MobSF, Frida, Burp Suite, and manual techniques.
• Expertise in cloud penetration testing for AWS, Azure, and GCP, including IAM misconfigurations, container security (Docker/Kubernetes), and cloud-native vulnerabilities.
• Proficiency in penetration testing tools like Burp Suite, Metasploit, Nmap, Nessus, Nikto, SQLmap, Wireshark, Kali Linux, etc.
• Strong knowledge of Red Teaming methodologies, adversary simulation techniques, and exploit development.
• Familiarity with SAST/DAST tools, DevSecOps, and security automation techniques.
• Scripting knowledge in Python, Bash, PowerShell, or similar languages to automate security assessments.
• Strong reporting skills with the ability to create clear, concise, and actionable penetration testing reports.