Pentest Engineer

Position Title:

Reports To:

Work Location:

Employment Type:

Position Summary

We are seeking an experienced and highly skilled Pentest Engineer responsible for executing penetration tests, vulnerability assessments, and security evaluations across our infrastructure, applications, and cloud environments. The ideal candidate will demonstrate deep knowledge of offensive security methodologies, exploit techniques, and modern attack vectors. This role involves working closely with engineering, IT, and leadership teams to ensure the organization maintains a robust and resilient security posture.

Essential Duties and Responsibilities

The essential duties of the position include the following: other duties may be assigned:

Security Testing & Assessments:

• Perform penetration testing on networks, applications, APIs, mobile platforms, and cloud environments.
• Conduct vulnerability assessments and exploit validation to identify and confirm security weaknesses.
• Perform AWS Cloud Security Assessments across IAM, S3, EC2, VPC, and related cloud services.
• Develop and execute test plans, scripts, and methodologies aligned with industry standards (OSSTMM, OWASP, NIST).
• Identify security gaps, prioritize risks, and recommend actionable remediation steps.

Collaboration & Integration:

• Collaborate with software development, DevOps, and IT teams to embed security best practices into systems and architectures.
• Support development teams by explaining findings, risks, and mitigation strategies.
• Assist in the development, revision, and enforcement of security policies, standards, and procedures.

Reporting & Documentation:

• Document assessment results, technical findings, and risk ratings in detailed reports.
• Present findings and recommendations to technical and non-technical stakeholders.
• Maintain documentation of tools, techniques, and processes to support repeatable assessments.

Security Operations Support:

• Provide technical expertise during security incidents and assist in forensic investigations when required.
• Monitor emerging security threats, vulnerabilities, and offensive security trends.
• Contribute to continuous improvement of internal security testing capabilities.

Supervisory Responsibilities:

This position does not initially include direct supervisory duties but may provide mentorship and technical guidance to junior security staff or interns.

Qualifications:

Education / Experience:

• Bachelors degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 3-6 years of professional experience as a Pentest Engineer or in a similar offensive security role.
• Proven hands-on experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, Nessus, and related frameworks.
• Strong understanding of Windows, Linux, and macOS environments, along with core networking protocols.
• Demonstrated expertise in offensive security methodologies and exploit techniques.
• Experience conducting security assessments in AWS environments.
• Relevant certifications such as OSCP, CEH, GPEN, or equivalent.
• Strong written and verbal communication skills with the ability to deliver clear, actionable reports.

Preferred Skills:

• Experience with scripting/programming languages (Python, Bash, PowerShell, etc.).
• Knowledge of cloud security best practices (AWS, Azure, GCP).
• Hands-on understanding of DevSecOps workflows and CI/CD security tooling.
• Ability to work independently as well as collaboratively in a team environment.

Technical Skills:

• Strong understanding of offensive security concepts, reconnaissance, exploitation, privilege escalation, and post-exploitation techniques.
• Proficiency in industry-standard pentesting tools and automated scanners.
• Familiarity with cloud security testing methodologies.
• Ability to analyze network, application, and system-level vulnerabilities.

Language Ability:

• Excellent technical writing skills for assessment reports, documentation, and security recommendations.
• Strong communication skills for presenting findings to cross-functional teams.

Math Ability:

• Solid analytical and quantitative skills for log analysis, data correlation, and risk scoring.

Reasoning Ability:

• Strong analytical problem-solving skills to identify security gaps and design effective attack paths.
• Ability to prioritize multiple assessments in a fast-paced environment.

Computer Skills:

• Proficiency with penetration testing frameworks, cloud platforms, scripting languages, and standard cybersecurity tools.
• Familiarity with SIEM, endpoint detection, and log management systems is an advantage.

Certificates and Licenses:

• Relevant professional certification (OSCP required or strongly preferred; CEH, GPEN, or similar also valued).

ISM and Privacy Statement:

• Employee Privacy and Confidentiality: Handle all sensitive security findings and company data with strict confidentiality.
• Compliance: Ensure adherence to relevant cybersecurity, privacy, and compliance requirements.
• Offboarding Process: Follow secure data handling and system-access revocation procedures when offboarding.