!! This position is for Network and Infrastructure Penetration Testing , NOT AppSec, NOT Web VAPT !! Castellum Labs is a next-generation cybersecurity technology venture based in Hyderabad, India, with global set of customer base and global ambitions. Our vision is to change the cybersecurity value model in the industry by using custom designed in-house technologies for service delivery. Our primary focus areas in cybersecurity are DevSecOps, Application Security (Life Cycle Security), Incident Response Services (Process, Tech & Enabling), Cyber Security Assessments, Phishing Simulation and Employee Awareness and Darkweb Monitoring & OSINT (External Threat Detection + Risk Rating). We use automation, cloud platforms, unique products, and a multi-layered security expert team to deliver services globally. Our services are delivered using a global delivery center and model, in a unique combination. We are hiring for Network and Infrastructure Penetration Testing for our Hyderabad office location. There are multiple position for experience range of 1 to 5 years. Role Description -- This is a full-time role for a Network and Infrastructure Penetration Tester (including cloud) at Castellum Labs. As a Network Penetration Tester, you will be responsible for performing security assessments, identifying vulnerabilities, conducting penetration testing, and providing recommendations for improving the security posture. This is an on-site role located in Hyderabad. Network penetration tester will conduct target assets based penetration testing of network devices, servers, DBs, endpoint devices, storage, cloud and other infrastructural assets. This role will work with other team members of VAPT, to cover all aspect of infra pen testing. This role will also cover, specialized infra such as AD, cloud (AWS, GCP and Azure) in its pen testing scope. This position is for Work from Office. No Work from Home option is available. Qualifications -- Good experience in network pen testing Good knowledge of security context and security configs of infra Good understanding of servers, databases, VMs, FW, Router, WAN & cloud Solid experience with pen testing tools, nmap, metasploit, recon tools and utilities Good experience in scripting using shell and python for the attack vector related work Understanding of the exploits which can be employed in various pen vectors Good knowhow of the reverse shell access under variety of compromise Good knowledge on network security concepts and network equipment Basic understanding of the MITRE ATT&CK framework Good understanding of red teaming models Ability to perform comprehensive pen testing Problem-solving and analytical skills Effective written and verbal communication skills Ability to work collaboratively in a team environment Relevant certifications such as CEH, OSCP, or CISSP are beneficial but not required Experience of participating in CTF of different types will be given preference Experience and Joining -- 1 to 5 years of experience Experience in cyber security services preferred Location is Hyderabad and joining is immediate (in 15 days) We can consider someone coming from the network security background We can also consider people coming from network management background Note - Note a 9 to 5 job Self driven approach is needed Startup environment, so high pressure situations are normal
