Senior Penetration Tester (Infrastructure & Application)

10 years

3 - 8 Lacs

Posted: 1 day ago | Platform: Glassdoor

Work Mode

On-site

Job Type

Full Time

Job Description

Job Overview

We are seeking a highly skilled and experienced Senior Penetration Tester to join our cybersecurity team in Jaipur, Rajasthan. The Penetration Tester will be responsible for conducting comprehensive vulnerability assessments and penetration testing across infrastructure, web applications, mobile applications, and network environments for enterprise and multinational clients. This role requires deep technical expertise in ethical hacking methodologies, exploitation techniques, and security assessment tools, along with the ability to deliver detailed findings and actionable remediation guidance. The ideal candidate will have a strong track record of working with enterprise clients, demonstrating professionalism, discretion, and commitment to full-time engagement without external affiliations.

Key Responsibilities

  • Infrastructure Penetration Testing: Conduct thorough penetration tests on network infrastructure, servers, cloud environments (AWS, Azure, GCP), firewalls, routers, switches, VPNs, and wireless networks to identify security vulnerabilities and misconfigurations.
  • Web Application Penetration Testing: Perform in-depth security assessments of web applications including OWASP Top 10 vulnerabilities, authentication and authorization flaws, session management issues, SQL injection, XSS, CSRF, business logic flaws, and API security testing.
  • Mobile Application Penetration Testing: Conduct security testing of iOS and Android mobile applications including reverse engineering, insecure data storage, improper cryptography, insecure communication, and platform-specific vulnerabilities.
  • Vulnerability Assessment: Execute automated and manual vulnerability assessments using industry-standard VAPT tools to identify, classify, and prioritize security weaknesses across client environments.
  • Exploitation and Post-Exploitation: Safely exploit identified vulnerabilities to demonstrate real-world attack scenarios, assess business impact, escalate privileges, perform lateral movement, and document exploitation paths.
  • Security Tool Expertise: Utilize hands-on expertise with penetration testing tools including Burp Suite, Metasploit, Nmap, Wireshark, SQLmap, Nessus, Acunetix, Nikto, OWASP ZAP, Kali Linux, John the Ripper, Aircrack-ng, and other specialized security testing frameworks.
  • Report Development: Create comprehensive penetration testing reports including executive summaries, detailed technical findings, risk ratings (CVSS scoring), proof-of-concept demonstrations, screenshots, and prioritized remediation recommendations tailored to client audiences.
  • Client Engagement: Work directly with multinational and enterprise clients to understand security requirements, define testing scope, coordinate testing schedules, present findings, and provide expert security consultation.
  • Remediation Verification: Conduct retesting and validation of remediated vulnerabilities to ensure effective implementation of security fixes and provide closure on identified issues.
  • Compliance and Standards: Ensure penetration testing methodologies align with industry frameworks including OWASP, PTES (Penetration Testing Execution Standard), NIST, ISO 27001, PCI DSS, and other regulatory requirements.
  • Threat Intelligence: Stay current with emerging vulnerabilities, exploit techniques, security advisories (CVEs), attack vectors, and threat landscape developments to enhance testing effectiveness.
  • Collaboration: Work closely with security consultants, GRC teams, incident response teams, and technical teams to integrate penetration testing insights into broader security programs and risk management initiatives.

Qualifications

Experience

10 years of hands-on experience in penetration testing, ethical hacking, vulnerability assessment, or offensive security roles with proven experience conducting VAPT engagements for enterprise and multinational clients across various industries.

Certifications

Required:

  • Offensive Security Certified Professional (OSCP)
  • Certified Ethical Hacker (CEH) – EC-Council

Preferred:

  • Offensive Security Certified Expert (OSCE) or Offensive Security Web Expert (OSWE)
  • GIAC Penetration Tester (GPEN) or GIAC Web Application Penetration Tester (GWAPT)
  • Certified Red Team Professional (CRTP) or Certified Red Team Expert (CRTE)
  • eLearnSecurity certifications (eCPPT, eWPT, eMAPT)
  • CompTIA PenTest+

Technical Skills

  • Deep expertise in penetration testing methodologies including reconnaissance, scanning, enumeration, exploitation, post-exploitation, and reporting phases
  • Advanced hands-on proficiency with Burp Suite Professional for web application testing including Intruder, Repeater, Scanner, and extension customization
  • Strong experience with Metasploit Framework for exploitation, payload generation, privilege escalation, and post-exploitation modules
  • Proficient in network scanning and reconnaissance using Nmap, Masscan, and network mapping techniques
  • Expertise in vulnerability scanning tools such as Nessus, OpenVAS, Qualys, Acunetix, or Nikto for automated assessment
  • Strong knowledge of web application vulnerabilities including OWASP Top 10, injection flaws, broken authentication, security misconfigurations, and sensitive data exposure
  • Experience with mobile application security testing tools like MobSF, Frida, Objection, APKTool, and Burp Suite mobile testing
  • Proficiency in scripting and automation using Python, Bash, PowerShell, or Ruby for custom exploit development and task automation
  • Strong understanding of operating systems (Windows, Linux, Unix) including privilege escalation techniques, file system security, and system hardening
  • Knowledge of Active Directory penetration testing, Kerberos attacks, pass-the-hash, credential dumping, and domain compromise techniques
  • Experience with cloud security testing for AWS, Azure, or Google Cloud Platform including IAM misconfigurations, storage vulnerabilities, and cloud-native exploitation
  • Understanding of network protocols (TCP/IP, HTTP/HTTPS, DNS, SMB, RDP, SSH) and traffic analysis using Wireshark or tcpdump
  • Familiarity with SQL injection techniques, database exploitation, and database security assessment

Education

Bachelor's degree in Computer Science, Information Security, Cybersecurity, Information Technology, or a related technical field (or equivalent professional experience with relevant certifications).

Soft Skills

  • Excellent analytical and problem-solving abilities to identify complex security vulnerabilities and attack paths
  • Strong written and verbal communication skills to create detailed reports and present findings to technical and executive audiences
  • High level of professionalism, integrity, and ethical conduct when handling sensitive client information and security data
  • Detail-oriented mindset ensuring thorough testing coverage and accurate documentation of findings
  • Self-motivated with ability to work independently on client engagements and manage testing timelines effectively
  • Strong client-facing skills with ability to build trust, answer technical questions, and provide security guidance

Additional Requirements

  • Full-time Commitment: Must be a full-time employee exclusively dedicated to Fourth Command without any freelancing activities, third-party affiliations, or participation in bug bounty programs during employment
  • Non-Compete Agreement: Willingness to sign and adhere to non-compete and confidentiality agreements prohibiting external security testing or consulting activities
  • Client Confidentiality: Demonstrated ability to maintain strict confidentiality and handle sensitive client data, security findings, and proprietary information with discretion
  • Multinational Client Experience: Proven track record of working with large enterprise clients, multinational corporations, or clients across multiple geographies with understanding of international security standards
  • Professional Conduct: Maintain highest ethical standards following responsible disclosure practices and industry code of conduct for penetration testers
  • Continuous Learning: Commitment to staying current with latest vulnerabilities, exploitation techniques, security tools, and industry developments through training and research
  • Travel Readiness: Willingness to travel occasionally to client sites for on-site penetration testing engagements and security assessments as required
  • Background Verification: Must pass comprehensive background checks and security clearance requirements for working with sensitive client environments

How to Apply

To apply for this position, email your resume to job2026@thefourthcommand.com

Subject Line Format: FC_PENTESTER_[YOUR FULL NAME]_RESUME

Resume Requirements

Your resume must include the following information:

  • Last Company Details: Name of your most recent employer, duration of employment (in years/months), job title, and description of penetration testing responsibilities and projects handled
  • VAPT Tools and Platforms: Comprehensive list of penetration testing tools you have hands-on experience with, categorized as:
      • Web application testing tools (e.g., Burp Suite, OWASP ZAP, Acunetix)
      • Network and infrastructure testing tools (e.g., Nmap, Metasploit, Nessus, OpenVAS)
      • Mobile application testing tools (e.g., MobSF, Frida, Objection)
      • Exploitation frameworks and specialized tools
      • Operating systems and platforms used for testing (Kali Linux, Parrot OS, etc.)
  • Client Experience: Details of multinational or enterprise clients you have worked with (maintaining confidentiality, you may mention industry sectors such as Banking, Healthcare, E-commerce, Government, Technology, etc.)
  • Project Portfolio: Brief descriptions of significant penetration testing engagements including:
      • Type of assessment (infrastructure, web app, mobile app, network)
      • Scope and complexity
      • Key findings or achievements
      • Technologies tested
  • Certifications: Complete list of security certifications including:
      • Certification name
      • Issuing organization
      • Year obtained and validity status
      • Certification ID (if applicable)
  • Programming and Scripting Skills: Languages you are proficient in (Python, Bash, PowerShell, Ruby, etc.) with examples of security tools or scripts developed
  • Methodologies and Frameworks: Familiarity with testing methodologies such as OWASP Testing Guide, PTES, NIST SP 800-115, and compliance frameworks (PCI DSS, ISO 27001, HIPAA)
  • Educational Background: Degree details including specialization, institution, and year of completion
  • Professional Declaration: A statement confirming you are not currently engaged in freelancing, bug bounty programs, or affiliated with any third-party security testing platforms, and are willing to commit exclusively to full-time employment
  • Passport Size Photograph: A recent passport size photograph must be included on your resume (mandatory requirement)

Incomplete applications or resumes missing any of the above requirements will not be considered for evaluation.

Job Type: Full-time

Pay: ₹300,000.00 - ₹800,000.00 per year

Work Location: In person
