Job Title: Penetration Tester (Ethical Hacker)
Job Summary: We are seeking a skilled Penetration Tester to identify, assess, and help remediate security vulnerabilities across applications, networks, cloud environments, and enterprise systems. The ideal candidate will perform authorized security assessments, simulate real-world cyberattacks, and provide actionable recommendations to strengthen the organization's security posture. This role requires a deep understanding of offensive security techniques, vulnerability management, and security best practices.
Key Responsibilities: - Conduct penetration tests on web applications, APIs, mobile applications, networks, cloud environments, and infrastructure.
- Perform vulnerability assessments and security audits to identify weaknesses.
- Simulate real-world attack scenarios to evaluate security controls and defenses.
- Analyze findings and provide detailed reports with risk ratings and remediation recommendations.
- Validate vulnerability fixes through retesting activities.
- Conduct security reviews of system architectures and application designs.
- Assist development and infrastructure teams in implementing security best practices.
- Perform reconnaissance, threat modeling, and attack surface analysis.
- Stay informed about emerging threats, vulnerabilities, and attack techniques.
- Support red team exercises and security awareness initiatives.
- Ensure testing activities comply with legal, regulatory, and organizational requirements.
Required Skills: - Strong understanding of cybersecurity principles and attack methodologies.
- Experience with web application, network, and cloud security testing.
- Knowledge of common vulnerabilities such as OWASP Top 10 and MITRE Telecommunication&CK.
- Strong analytical and problem-solving skills.
- Ability to communicate technical findings to both technical and non-technical stakeholders.
- Experience writing professional penetration testing reports.
Technical Skills: - Security Testing Tools: Burp Suite, OWASP ZAP, Nessus, Nmap, Metasploit
- Web Application Security Testing
- API Security Testing
- Mobile Security Testing (Android/iOS)
- Network Security Assessment
- Cloud Security (AWS, Azure, GCP)
- Operating Systems: Linux, Windows
- Scripting Languages: Python, PowerShell, Bash
- Vulnerability Management Tools: Qualys, Rapid7, Tenable
- Security Frameworks: OWASP, NIST, CIS Controls, MITRE Telecommunication&CK
Qualifications: - Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field.
- Professional certifications are highly preferred:
- CEH (Certified Ethical Hacker)
- OSCP (Offensive Security Certified Professional)
- GPEN (GIAC Penetration Tester)
- PNPT (Practical Network Penetration Tester)
- CISSP (Preferred)
Experience: - 3-7 years of experience in Penetration Testing, Ethical Hacking, Red Teaming, or Cybersecurity.
- Hands-on experience conducting application, network, and cloud security assessments.
- Experience using industry-standard penetration testing tools and methodologies.
- Familiarity with Agile, DevSecOps, and Secure SDLC practices.
Preferred Qualifications: - Experience with Red Team and Purple Team engagements.
- Knowledge of Active Directory security and privilege escalation techniques.
- Experience with container and Kubernetes security assessments.
- Understanding of cloud-native security controls and architecture.
- Experience performing source code security reviews and secure coding assessments.
Preferred Qualities: - Strong investigative and analytical mindset.
- High attention to detail and commitment to ethical standards.
- Excellent report writing and presentation skills.
- Ability to work independently and collaboratively.
- Passion for cybersecurity research and continuous learning.
Employment Type: Full-Time
Location: Remote / Hybrid / On-site
Nice to Have: - Experience with bug bounty programs and responsible disclosure processes.
- Knowledge of Security Operations Center (SOC) workflows and incident response.
- Familiarity with threat intelligence platforms and threat hunting.
- Experience testing enterprise SaaS, FinTech, Healthcare, Government, or Cloud-native applications.
- Contributions to cybersecurity research, security blogs, open-source tools, or conference presentations.