Role Overview:
We are seeking a driven and technically proficient Penetration Tester. The ideal candidate will have solid experience in performing end-to-end Vulnerability Assessments and Penetration Testing (VAPT) across various environments, possess strong reporting and scripting skills, and demonstrate the ability to engage with clients during both pre-sales and project delivery phases. This is an excellent opportunity for someone looking to grow their career within a CREST-accredited organization that delivers high-impact services to critical industries.
Responsibilities:
Penetration Testing & Security Assessments
* Plan, execute, and document penetration tests on web applications, mobile apps, APIs, infrastructure, cloud environments, and internal/external networks. (Black, Grey, White pentest)
* Perform source code reviews to uncover insecure code practices and logical vulnerabilities.
* Develop custom POC scripts and exploits in Python, PHP, JavaScript, and HTML.
* Utilize industry-standard tools including Burp Suite, Nessus, Checkmarx, HCL AppScan, WebInspect, and manual testing techniques.
* Conduct compliance-aligned security assessments based on OWASP, NIST, CREST, and MITRE ATT&CK frameworks.
Reporting & Documentation
* Prepare detailed technical and executive reports, risk analysis, and remediation recommendations.
* Draft and maintain standardized test plans, methodologies, and reporting templates.
* Perform peer reviews of reports and assessments for accuracy, clarity, and technical depth.
Client Engagement & Pre-Sales
* Support pre-sales activities including technical scoping, requirement gathering, and proposal development.
* Participate in client-facing meetings to explain findings, provide mitigation advice, and manage expectations when needed.
Requirements:
* Minimum 4 years of penetration testing experience
* CREST CRT and CPSA certified (preferred)
* Other Security certifications: OSCP, OSWP, HTB, CBBH, CISSP (Bonus)
* Red Team experience (Bonus)
* Strong knowledge of OWASP Top 10, MITRE ATT&CK, CVSS, and secure coding practices
* Strong scripting and automation skills using Python, PowerShell, or Bash
* Experience with both automated tools and manual testing techniques
* Strong written and verbal communication skills, especially for reporting and client presentations
* Ability to manage multiple projects and deadlines in a fast-paced consulting environment
Recommended Qualifications:
* Experience with cloud security testing (AWS, Azure, GCP)
* Knowledge of DevSecOps or CI/CD integration with security tools
* Familiarity with red teaming, adversary emulation, or purple teaming
* Involvement in bug bounty programs or CTFs
#J-18808-Ljbffr