Penetration Testing / Red Team Testing

8 years of working experience and strong understanding of application vulnerability assessment and

penetration testing

Working experience and good hands-on understanding of manual penetration testing and updated with

latest tactics, techniques and procedures for complex applications / APIs

Proficiency with vulnerability assessment & penetration testing tools (Burp Suite, OWASP ZAP, and other

commercial and open-source tools)

Strong expertise in planning and create penetration testing methods, scripts and test cases

Good Understanding of IT security policy, procedure, design, and implementation

Ability to analyze and investigate security-related vulnerabilities and identify false positives

Strong understanding of architecture diagrams and evaluating complex applications / APIs

Strong information security threat and risk-based prioritization and triaging abilities

Solid foundation of common software vulnerabilities and their remediation / mitigation techniques

Working knowledge of regulatory and industry security standards (e.g. GDPR, HIPAA, PCI DSS, SOX, NIST,

DORA and GLBA)

Working knowledge of penetration testing using industry best practices such as OWASP top 10, CWE /

SANS TOP 25 standards and Threat-Led Penetration Testing (TLPT)

Proficiency with documenting and reporting security issues and vulnerabilities, providing

recommendations for remediation and demonstrating / explaining to a wide audience

Relevant certifications (e.g., OSCP, CEH, CISSP) are a plus

Red Team Testing : :

10 years of proven experience in red team operations, penetration testing, and vulnerability assessment

Strong knowledge of attack techniques, tactics, and procedures (TTPs)

Proficiency with red team tools (e.g., Cobalt Strike, Metasploit, BloodHound, etc.)

Familiarity with programming and scripting languages (e.g., Python, PowerShell, Bash)

Understanding of network protocols, operating systems, cloud security, and security technologies

Experience with social engineering and phishing campaigns

Knowledge of lateral movement and privilege escalation techniques

Understanding of cryptographic principles and secure communication protocols

Knowledge of threat modeling and risk assessment methodologies

Experience with incident response and forensic analysis

Proficiency with conducting advanced penetration testing and adversarial simulations to identify security

vulnerabilities

Proficiency with developing and executing test plans, scripts, and procedures for red team operations

Working knowledge of regulatory and industry security standards (e.g. GDPR, HIPAA, PCI DSS, SOX, NIST,

DORA and GLBA)

Working knowledge of penetration testing using industry best practices such as OWASP top 10, CWE /

SANS TOP 25 standards and Threat-Led Penetration Testing (TLPT)

Proficiency with documenting and reporting security issues and vulnerabilities, providing

recommendations for remediation and demonstrating / explaining to a wide audience

Collaborate with blue team (defensive) counterparts to improve overall security posture

Relevant certifications (e.g., OSCP, CRTO, CEH, CISSP) are a plus