SalaryPeak

Penetration (PEN) Tester

FLARE CONSULTING PTE. LTD.
Singapore | 5+ years | Posted Mar 11, 2026

Salary Range

SGD 96,000 - SGD 192,000 /year

SGD 8,000 - SGD 16,000/month

Skills Required

Certifications, Methodology, Azure, Cloud Security, Vulnerability Management, AWS, Test Automation, Offensive Security, Reporting, GCP, Security Architecture Design, Mobile Platforms, DevSecOps, Research, Threat Modeling

Job Description

Job Title: Senior Penetration Tester / Security Consultant
Employment Type: Full-time

About the Role
We are looking for a passionate and experienced Penetration Tester. In this role, you will move beyond simple vulnerability scanning: you will think like an adversary to uncover complex business logic flaws and security weaknesses before they can be exploited.

You will work with a diverse portfolio of enterprise clients, helping them secure their networks, web applications, cloud environments, and critical infrastructure. This is a client-facing role that requires not only deep technical expertise but also the ability to translate complex technical risks into actionable business recommendations.

Key Responsibilities

  • Adversarial Assessments: Plan and execute complex penetration tests against networks (internal/external), web applications, APIs, mobile platforms, and cloud environments (AWS, Azure, GCP).

  • Red Teaming: Participate in stealthy, objective-based red team exercises to test detection and response capabilities, utilizing evasive techniques and custom tooling.

  • Exploit Development: Research, develop, and modify exploits for zero-day vulnerabilities and complex application logic flaws when standard tooling is insufficient.

  • Reporting & Communication: Produce high-quality, executive-level and technical reports that clearly articulate findings, risk levels, and practical remediation roadmaps.

  • Client Advisory: Act as a trusted advisor during the remediation phase, guiding development and operations teams on secure coding practices and security architecture improvements.

  • Tooling & Automation: Maintain and enhance our internal testing infrastructure and tooling. Automate repetitive tasks to focus on deeper manual testing.

  • Threat Modeling: Collaborate with clients early in the development lifecycle (DevSecOps) to threat model applications and infrastructure, identifying risks before a single line of code is written.

Qualifications

  • Experience: 3+ years of hands-on experience in penetration testing or offensive security roles.

  • Technical Depth:

    • Expert knowledge of network protocols, operating systems (Windows, Linux), and Active Directory attacks.

    • Proficiency in exploiting web application vulnerabilities (OWASP Top 10) and common API flaws.

    • Strong scripting and development skills (Python, PowerShell, Ruby, Go, or C#) to write custom scripts and exploits.

    • Experience with cloud security assessments and common cloud misconfigurations.

  • Methodology: Deep understanding of the MITRE ATT&CK framework and the Penetration Testing Execution Standard (PTES).

  • Certifications (Preferred but not required): OSCP, OSCE, OSWE, GPEN, GXPN, or CREST equivalents.