Job Summary: We are seeking an experienced Penetration Tester (Pentester) Engineer with 4+ years of hands-on experience in identifying, assessing, and mitigating vulnerabilities across web applications, networks, APIs, and infrastructure. The ideal candidate should have deep knowledge of security testing tools, methodologies, and frameworks, and be able to think like a hacker to protect our digital assets. Key Responsibilities: Conduct manual and automated penetration testing on web applications, APIs, mobile applications, and network infrastructure. Identify and exploit security flaws in systems and provide clear, actionable remediation steps. Create and deliver comprehensive vulnerability assessment and penetration test reports . Collaborate with developers, DevOps, and IT teams to assist in fixing identified security issues. Stay current on emerging threats, tools, and security trends to keep systems secure. Assist in the design and implementation of secure SDLC and DevSecOps processes . Simulate real-world attack scenarios to evaluate system resilience. Perform security audits, risk assessments , and red team/blue team exercises as needed. Review and analyze code for security vulnerabilities (code review/secure coding practices). Required Skills & Qualifications: Bachelor’s degree in Computer Science, Information Security, or related field. 4+ years of hands-on penetration testing or ethical hacking experience. Proficient in tools such as Burp Suite, OWASP ZAP, Metasploit, Nmap, Wireshark, Nessus , etc. Deep understanding of OWASP Top 10 , SANS Top 25, and common web/mobile/API vulnerabilities. Experience with scripting and automation using Python, Bash, or PowerShell . Strong knowledge of network security, system hardening, and secure coding principles . Familiarity with compliance standards (e.g., ISO 27001, PCI-DSS, HIPAA) is a plus. Ability to write detailed and technically accurate reports for both technical and non-technical stakeholders. Relevant certifications preferred: OSCP, CEH, GPEN, or similar . Nice to Have: Experience in cloud security (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes). Exposure to threat modeling, red teaming, and bug bounty programs . Contribution to open-source security tools or active participation in CTFs or security forums. Understanding of CI/CD pipelines and integration of security into DevOps.