Penetration Tester

Job Title: Penetration Tester

Location:

Experience:

Department:

Company Description:

ISECURION is a leading cybersecurity services provider, ISO 27001:2022

certified and CERT-IN empanelled. We offer innovative solutions and cutting- edge research to address the evolving threats in the cyber landscape. We work with a diverse clientele, both global and Indian, to safeguard their digital

assets, deliver strategic security consulting, and enhance their cyber resilience. Are You Passionate About Cybersecurity?

Job Summary:

highly skilled and creative Penetration Tester

think-outside-the-box mindset

Key Responsibilities:

• Perform comprehensive

  black box penetration testing

  of:
• Enterprise networks and internal infrastructure
• Web and mobile applications
• Active Directory environments (Kerberos, LDAP, domain trusts, etc.)
• Cloud platforms including

  AWS

  ,

  Azure

  , and

  GCP

• Identify and exploit misconfigurations, logic flaws, privilege escalations, and other high-impact vulnerabilities.
• Simulate real-world attack scenarios such as

  credential attacks

  ,

  lateral movement

  , and

  privilege escalation

  in AD/cloud hybrid environments.
• Document detailed technical findings, risk ratings, proof-of-concept exploits, and remediation strategies.
• Collaborate with internal teams to validate fixes and ensure secure configuration post-remediation.
• Stay up to date with threat actor tactics, techniques, and procedures (TTPs).
• Contribute to internal tooling, red team exercises, and security testing methodologies.
• Mentor junior team members and assist in strategic planning of offensive security initiatives.

Required Skills and Qualifications:

• 5+ years of proven experience in

  black box penetration testing

  .
• Strong expertise in

  Active Directory

  testing, including attack paths, domain privilege escalation, and lateral movement.
• Experience in

  cloud security testing

  across AWS, Azure, and GCP environments (IAM roles, misconfigured services, metadata exploitation, etc.).
• Solid understanding of

  network protocols

  ,

  web application security

  ,

  OWASP Top 10

  , and

  API exploitation

  .
• Proficiency with tools such as

  Burp Suite

  ,

  Nmap

  ,

  Impacket

  ,

  BloodHound

  ,

  Mimikatz

  ,

  Metasploit

  , and

  PowerView etc

  .
• Scripting ability in Python, PowerShell, or Bash for exploit development and automation.
• Strong analytical and creative problem-solving skills.
• Excellent report writing and verbal communication abilities.

Preferred Certifications (Good to Have):

• OSCP / OSEP / CRTP / CRTE / OSED / OSWE / GPEN / AZ-500 / AWS Security Specialty
• Microsoft or cloud-specific red team certifications are a plus

What We’re Looking For:

• A

  strategic attacker’s mindset

  who can go beyond surface-level vulnerabilities.
• A

  technical leader

  who can assess modern hybrid infrastructures with precision.
• A

  contributor

  who can deliver

  real-world risk insights

  , not just findings.

How to Apply: