What are the responsibilities and job description for the Penetration Tester position at EXOS (formerly Sondhi Solutions)?
You will be responsible for conducting in-depth security assessments to identify and exploit vulnerabilities in client networks, applications, and cloud environments. You will design and execute targeted penetration tests, simulate real-world attack scenarios, and provide detailed recommendations for remediation. This role involves collaborating with managed services teams to develop tailored security testing strategies aligned with client goals and regulatory standards. You will document findings in comprehensive reports, communicate risks to both technical and non-technical stakeholders, and assist with post-remediation testing to verify security improvements. You will also engage in ongoing research to stay current with emerging threats and provide mentorship to junior team members on testing methodologies and tools.
Responsibilities:
- Conduct comprehensive penetration tests, vulnerability assessments, and risk analyses on client networks, applications, and infrastructures.
- Identify security weaknesses and develop custom exploits for targeted testing.
- Develop and execute security testing strategies tailored to each client's specific needs and compliance requirements.
- Collaborate closely with our managed services team to ensure testing aligns with clients' security and business goals.
- Create detailed, actionable reports that clearly outline vulnerabilities, associated risks, and recommended remediation steps.
- Communicate findings to both technical and non-technical stakeholders, ensuring clients understand the security issues and their impact.
- Assist sales with scoping potential projects.
- Research and stay current on the latest cybersecurity trends, vulnerabilities, and threat tactics.
- Assist clients with threat modeling to anticipate, prepare for, and mitigate possible attack vectors.
- Develop and document test cases, exploits, and testing methodologies for internal use and future testing scenarios.
- Review and assess the effectiveness of clients' security controls, suggesting improvements based on findings.
- Conduct post-remediation verification testing to ensure issues are properly resolved and no new vulnerabilities are introduced.
- Provide technical mentorship and training to team members on penetration testing techniques and tools.
- Assist the blue team in between pentesting opportunities.
Qualifications:
- A bachelor's degree in cybersecurity, computer science, information technology, or a related field (or equivalent work experience).
- Hands-on experience in penetration testing and vulnerability assessment, ideally in an MSP or consulting setting.
- Expertise in assessing a variety of network, application, and cloud environments, with a track record of conducting full-scope penetration tests.
- Knowledge of industry standards and compliance regulations such as HIPAA, PCI-DSS, ISO 27001, and NIST frameworks, along with practical experience in ensuring systems meet these standards.
- Strong analytical and problem-solving skills, enabling you to identify, analyze, and remediate complex security issues.
- Proficiency with penetration testing tools such as Burp Suite, Metasploit, Nmap, Wireshark, and others, as well as scripting languages like Python, PowerShell, or Bash.
- Experience with red teaming exercises, with familiarity in Tactics, Techniques, and Procedures (TTPs) used by threat actors.
- Demonstrated success in developing and executing security testing strategies that improve client security postures.
- Experience in threat modeling to identify potential attack vectors and provide targeted recommendations.
- Skilled in writing clear, thorough, and actionable reports on security findings, with the ability to communicate complex security concepts to both technical and non-technical stakeholders.
- Experience conducting post-remediation testing to ensure issues have been resolved without introducing new vulnerabilities.
- Ability to mentor and train junior team members on penetration testing methodologies, tools, and best practices.
- Continuous learning mindset, staying updated on the latest cybersecurity trends, vulnerabilities, and advanced testing techniques.
- Relevant certifications such as OSCP, CEH, GPEN, or equivalent are strongly preferred.