Qureos

Security Penetration Tester

Islamabad, Pakistan

Key Responsibilities

1. Penetration Testing & Vulnerability Assessments

  • Perform comprehensive penetration tests on web applications, APIs, and mobile apps, including authentication mechanisms, business logic, session management, and data security controls.
  • Execute cloud penetration testing engagements across AWS, Azure, and GCP environments, focusing on IAM misconfigurations, container security (Kubernetes, Docker), serverless functions, and storage services.
  • Conduct firewall and perimeter security assessments, including rule-set reviews, evasion techniques, port/protocol testing, and VPN security validation.
  • Simulate real-world attack scenarios (Red Team/Blue Team exercises) to assess detection and response capabilities.
  • Lead and design threat modeling sessions to proactively identify risks in new systems or architectures.

2. Exploitation & Advanced Techniques

  • Develop and use custom scripts, exploits, and tools when off-the-shelf solutions are insufficient.
  • Perform privilege escalation, lateral movement, and persistence testing within controlled environments.
  • Exploit misconfigurations, insecure code, or weak controls to demonstrate potential business impact.
  • Research and simulate emerging attack vectors relevant to web, cloud, and network infrastructures.

3. Reporting & Stakeholder Communication

  • Deliver clear, actionable, and prioritized reports highlighting vulnerabilities, risks, and business impact.
  • Translate complex technical findings into business-friendly recommendations for executives and non-technical stakeholders.
  • Collaborate with software developers, cloud engineers, and network/security administrators to validate vulnerabilities and advise on remediation.
  • Provide post-assessment debriefs and knowledge-sharing sessions with IT and security teams.

4. Security Advisory & Continuous Improvement

  • Contribute expertise during secure design reviews of web applications, APIs, cloud deployments, and network architectures.
  • Advise teams on hardening measures, best practices, and compliance with security frameworks (OWASP ASVS, CIS Benchmarks, NIST, ISO 27001).
  • Develop methodologies and playbooks for web, cloud, and firewall penetration testing to standardize assessments across the organization.
  • Continuously research new exploits, vulnerabilities, and security tools, ensuring testing techniques remain cutting-edge.

Job Type: Full-time

Work Location: In person
