(REMOTE) Penetration Tester / Ethical Hacker

Penetration Tester / Ethical Hacker

Company: TeamFicient
Location: Pakistan (Remote / Hybrid)
Employment Type: Full-Time or Contract
Salary Range: To be discussed (Negotiable for highly experienced candidates)

Work Schedule:

• Time Range: Between 7 AM – 7 PM CST (Graveyard shift)
• Working Hours: 9 hours per day (8 working hours + 1-hour break)
• Days Off: TBD (2 days per week)

Why Join Us?

• Competitive salary based on experience.
• Opportunity to grow within an international, people-first organization.
• Supportive work environment that values innovation, inclusion, and career growth.

Position Overview

We build an AI-powered MDR and GRC platform that collects logs, runs detections, and maps security and compliance controls.

The Penetration Tester will secure our applications and client environments through authorized testing of web, API, cloud, and endpoint layers, helping convert findings into remediation tasks and audit evidence.

Key Responsibilities

• Conduct authorized penetration tests (web, API, cloud, network, CI/CD).
• Perform vulnerability scanning and manual validation of findings.
• Develop non-destructive proof-of-concept exploits and document impact.
• Produce detailed reports with risk ratings, CVSS scores, and recommendations.
• Translate findings into engineering tickets and support re-tests.
• Integrate SAST/DAST scanners into CI/CD pipelines.
• Conduct periodic vulnerability assessments for demo and production environments.
• Support audits (ISO 27001, SOC 2) with security evidence and training.

Qualifications & Must-Haves

• 2–5 years of experience in penetration testing or red-team operations.
• Strong web app / API testing skills (OWASP Top 10, SSRF, XSS, CSRF, authentication flaws).
• Familiar with cloud security (Azure / AWS misconfigurations, IAM review).
• Solid knowledge of Linux / Windows internals and networking fundamentals.
• Familiar with CI/CD security and secret management.
• Excellent report writing and collaboration skills.

Preferred / Nice to Have:

• Certifications (OSCP, OSWE, eJPT, CEH) are preferred.
• Experience with container security and CI/CD automation.
• Understanding of compliance mapping (ISO 27001, SOC 2, NIST CSF).

Tools & Technologies:

• Nmap, Burp Suite, ZAP, Postman, Nessus, OpenVAS, Trivy, Metasploit (limited), GitHub Actions, SonarQube, ClickUp, Confluence, Google Docs

Education:

• Bachelor’s or Master’s in Cybersecurity, Computer Science, or Information Technology.
• Advanced training or certifications in Ethical Hacking are recommended.

Technical/System Requirements

• Desktop or laptop with Intel Core i7 / i9 or AMD Ryzen 7 / 9 (or higher) processor
• Minimum 32GB RAM for multitasking and large file handling
• NVIDIA RTX or AMD Radeon Pro graphics card (recommended)
• Workstation free from noise and distractions
• Stable primary internet connection and backup internet
• USB headset with noise-cancelling microphone
• Backup power source (generator, UPS, or accessible alternative workspace during outages)

This is a long-term opportunity for an experienced IT professional who is ready to take on a leadership role in a fast-paced, global organization.

Join TeamFicient and help build efficient, secure, and scalable IT operations that empower teams to perform at their best.

Job Type: Full-time

Application Question(s):

• What is your expected monthly salary for this position (in PKR)?

Work Location: Remote