Penetration Tester

Job Summary:

We are seeking a highly skilled Penetration Tester to join our cybersecurity team. In this role, you will be responsible for performing advanced penetration tests on networks, web applications, and systems to identify vulnerabilities and recommend security improvements. The ideal candidate will have experience with various security frameworks, offensive security techniques, and the ability to work both independently and in a team. Holding a CRT (CREST Registered Tester)certification is preferred but not mandatory. You will collaborate with stakeholders to improve the security posture of the organization and its clients.

Key Responsibilities:

• Perform in-depth penetration tests on a wide range of environments, including networks, web applications, mobile applications, and cloud infrastructure.
• Identify and exploit vulnerabilities, and provide actionable remediation recommendations.
• Develop and execute custom test cases, scenarios, and scripts to simulate attack vectors.
• Create detailed reports that clearly communicate findings, risk levels, and suggested mitigation strategies to both technical and non-technical stakeholders.
• Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and technologies.
• Collaborate with development, IT, and security teams to address identified security weaknesses and verify fixes.
• Provide technical advice on security best practices and strategies for securing information systems.
• Assist in threat modeling and security architecture reviews.
• Support red team engagements and simulated attack scenarios.
• Ensure testing methodologies are aligned with industry standards such as OWASP, NIST, CIS Controls, and MITRE ATT&CK framework.
• Participate in security incident response when required, assisting in post-incident forensic investigations.

Requirements:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).
• Proven experience in penetration testing across various domains (network, web, mobile, cloud, etc.).
• Strong knowledge of penetration testing tools such as Nmap, Metasploit, Burp Suite, Wireshark, Nessus, Kali Linux, etc.
• Deep understanding of network protocols, operating systems (Windows, Linux), and application security.
• Familiarity with security frameworks like CIS, NIST, and OWASP.
• Experience in writing custom scripts to automate security testing (e.g., Python, Bash, PowerShell).
• Ability to work both independently on projects and collaboratively in a team setting.
• Strong problem-solving skills, with the ability to think critically and analytically.
• Excellent communication skills, with the ability to present complex technical issues to non-technical stakeholders.

Preferred Qualifications:

• CRT (CREST Registered Tester) certification is preferred.
• Other relevant certifications such as OSCP, OSWE, CPT, CEH, GPEN, or CISSP.
• Knowledge of cloud security testing in platforms like AWS, Azure, or Google Cloud.
• Familiarity with container security (e.g., Docker, Kubernetes) and DevSecOps practices.
• Understanding of social engineering techniques and their role in penetration testing.
• Experience with advanced techniques such as exploit development and red teaming.