Penetration Tester

Job Description

Job Title: Penetration Tester Location: Remote Experience Required: 5 Years Employment Type: Full-Time Job Summary: We are seeking a highly skilled and experienced Senior Penetration Tester with 5 years of hands-on experience in offensive security. The ideal candidate will be responsible for conducting advanced security assessments, simulating real-world cyberattacks, and providing actionable recommendations to enhance the organization’s security posture. This role demands deep technical expertise, strong analytical skills, and the ability to communicate effectively with both technical and non-technical stakeholders. Key Responsibilities: Plan, execute, and document black-box, grey-box, and white-box penetration tests across various environments (web apps, networks, APIs, mobile, cloud, etc.) Conduct Red Team/Blue Team exercises and collaborate with threat hunters and SOC teams. Identify, exploit, and report vulnerabilities in systems, applications, and infrastructure. Develop and maintain custom exploitation tools, scripts, and payloads . Perform social engineering engagements , including phishing simulations and physical assessments (where applicable). Provide detailed, risk-based reporting , including technical findings, proof-of-concept exploits, and remediation guidance. Stay current with emerging threats, vulnerabilities, and tools in the cybersecurity domain. Mentor junior team members and contribute to the development of internal testing methodologies and frameworks. Participate in threat modeling, architecture reviews, and security design discussions . Required Skills and Qualifications: 5 years of professional experience in penetration testing, red teaming, or offensive security . Proficiency in tools such as Burp Suite, Metasploit, Nmap, Wireshark, Cobalt Strike, Nessus, etc. Deep understanding of OWASP Top 10 , MITRE ATT&CK , and NIST security frameworks . Strong knowledge of network protocols, web application architectures, cloud environments (AWS/Azure/GCP), and secure coding practices. Experience with manual testing techniques and not just automated scanners. Strong scripting and automation skills in Python, PowerShell, Bash, or Go . Experience with Active Directory exploitation , privilege escalation, and lateral movement techniques. Demonstrated ability to write clear, concise, and detailed technical reports. Strong verbal and written communication skills. Preferred Certifications (any of the following): Offensive Security Certified Professional (OSCP) Offensive Security Certified Expert (OSCE) Certified Red Team Professional (CRTP) GIAC Penetration Tester (GPEN) Certified Ethical Hacker (CEH) CREST Registered Tester or equivalent Show more Show less