Penetration Tester (Ethical Hacker)

About OmnisAI

OmnisAI is a fast-growing company building AI-powered platforms for legal, compliance, and enterprise operations. Security, privacy, and trust are at the core of everything we build. As part of our ongoing commitment to SOC 2 and HIPAA compliance, we’re expanding our cybersecurity division to proactively identify and mitigate risks across our infrastructure, applications, and products.

Role Overview

Penetration Tester

Key Responsibilities

• Conduct manual and automated penetration testing across web, mobile, API, and cloud environments (AWS).
• Perform vulnerability assessments, exploit analysis, and post-exploitation procedures.
• Identify and report security weaknesses with clear proof of concept (PoC) and remediation guidance.
• Collaborate with developers and DevOps teams to validate fixes and re-test vulnerabilities.
• Conduct threat modeling and risk assessments for new products and infrastructure.
• Support SOC 2, HIPAA, and ISO 27001 security initiatives through controlled testing and audit evidence.
• Develop and maintain internal security testing frameworks and scripts.
• Stay updated on the latest exploit techniques, tools, and industry trends.
• Perform social engineering and phishing simulation assessments when required.
• Prepare detailed technical and executive-level security reports.

Required Skills & Qualifications

• 4+ years of professional experience in penetration testing or offensive security.
• Strong understanding of OWASP Top 10, MITRE ATT&CK, and NIST frameworks.
• Hands-on experience with tools such as Burp Suite, Metasploit, Nmap, Nessus, Wireshark, and Kali Linux.
• Proficiency in scripting languages (Python, Bash, PowerShell, or Go).
• Experience testing applications built using modern stacks (Next.js, Node.js, React, MongoDB, etc.).
• Familiarity with cloud security best practices (AWS IAM, S3, Lambda, EC2, etc.).
• Excellent report writing and documentation skills.
• Ability to communicate complex technical issues to non-technical stakeholders.

Preferred Qualifications

• Relevant certifications such as

  OSCP, CEH, GPEN, or CPT

  .
• Prior experience supporting compliance programs (SOC 2, HIPAA).
• Understanding of CI/CD pipelines, Kubernetes, and container security.
• Experience conducting red team / blue team exercises.

What We Offer

• Opportunity to work with cutting-edge AI and security technology
• Flexible work environment and strong focus on innovation
• Exposure to international compliance frameworks and enterprise clients
• Long-term growth opportunities within the cybersecurity division