06 Nov 2025
Resilience
A Senior Penetration Tester will play a pivotal role in conducting advanced penetration tests, identifying complex security vulnerabilities, and providing expert guidance to enhance the security posture of the clients' infrastructures. Leveraging their experience and expertise, they will lead penetration testing engagements, mentor junior team members, and collaborate with clients to develop tailored security solutions.
Responsibilities
- Leading and executing penetration testing engagements across a wide range of client environments, including systems, networks, and applications.
- Conducting in-depth security assessments to identify vulnerabilities, misconfigurations, and weaknesses in client infrastructures.
- Utilizing advanced exploitation techniques and custom scripts to simulate real-world cyber attacks and assess the effectiveness of security controls.
- Analyzing and documenting findings from penetration tests, including detailed exploit reports, risk assessments, and recommendations for remediation.
- Providing expert guidance and technical support to clients during the remediation process, including prioritizing and implementing security controls and best practices.
- Developing and maintaining custom tools, scripts, and methodologies to enhance the efficiency and effectiveness of penetration testing activities.
- Collaborating with cross-functional teams, including security analysts, engineers, and developers, to identify and address security gaps throughout the software development lifecycle.
- Serving as a subject matter expert on penetration testing methodologies, tools, and best practices, both internally and externally.
Required experience & skills:
- Bachelor’s degree in Computer Science, Information Security, Engineering or equivalent practical experience. Advanced degree is a plus but not required.
- 3+ years in offensive security / penetration testing, or equivalent.
- Proven track record leading and delivering medium-to-large scope engagements across multiple technology stacks.
- Experience in web application attacks (OWASP Top 10, SSRF, RCE, deserialization, auth logic bugs).
- Experience in network & host exploitation (Windows/Linux privilege escalation, AD/Kerberos).
- Experience in cloud security assessments (AWS, Azure, GCP concepts, IAM, misconfig, serverless/container assessments).
- Experience in API, mobile and thick-client testing.
- Experience in post-exploitation, lateral movement and persistence techniques.
- Strong hands-on toolset: Burp Suite (Pro), nmap, Metasploit, Cobalt/Empire/Metasploit alternatives, sqlmap, Wireshark, BloodHound, PowerShell Empire / PowerView / SharpSploit, Frida, Ghidra/IDA or reverse engineering experience.
- Comfortable writing custom scripts/tools in at least one language (Python, Golang, PowerShell, Ruby).
- Strong reporting skills: ability to produce reproducible, prioritized findings and remediation steps.
- Excellent verbal communication and client-facing skills; ability to explain technical issues to non-technical stakeholders.
Certifications (Nice to have):
- Offensive certifications such as OSCP, OSCE, OSWE, OSEP, CREST CRT, eLearnSecurity Pentest+, or equivalent.
- Cloud certifications (AWS Certified Security, Azure Security Engineer, GCP Professional Cloud Security) are a plus.
- ISC2/CISSP or other governance certifications are a plus but not required.
Benefits
- Private Health Insurance
- Private Pension Plan
- Training & Development
- Performance Bonus
- Laptop
- Phone-Mobile Plan