We are looking for a skilled and experienced Penetration Tester to join our dynamic team. This individual will play a key role in identifying vulnerabilities, exploiting weaknesses, and securing systems in highly sensitive and regulated environments, particularly in banking and financial services. The ideal candidate will have good experience in penetration testing, vulnerability assessments, combined with a strong understanding of application security, network protocols, cryptography, and incident response.

Responsibilities:

• Conduct penetration testing and security assessments on web applications, networks, and mobile applications, focusing on identifying and exploiting vulnerabilities.
• Perform manual and dynamic code reviews of applications to identify security flaws using best practices such as OSSTMM, MITRE ATT&CK Framework, and OWASP Top 10 methodologies.
• Utilize industry-leading tools such as Burp Suite, Nessus, Metasploit, OWASP ZAP, and Cariddi to conduct thorough testing and assessments.
• Develop and execute custom exploits and tools to detect and exploit vulnerabilities, including performing research to discover new attack vectors.
• Provide high-quality security assessments and comprehensive vulnerability reports, detailing findings, risks, and remediation recommendations.
• Mentor junior penetration testers, helping to guide them on best practices and technical growth.
• Advise clients on security risks, attack vectors, and penetration testing methodologies, ensuring industry standards are followed.
• Perform network penetration testing and security assessments with expertise in whitebox, blackbox, and assume breached approaches.
• Carry out post-exploitation tasks such as lateral movement, privilege escalation, and persistence techniques, ensuring an in-depth security evaluation.
• Collaborate with internal teams and clients to ensure a robust defense against potential cyber threats and breaches.

Requirements:

• 3+ years of hands-on experience in penetration testing with a strong focus on web applications.
• Proficient in using penetration testing tools like Burp Suite, Kali Linux, Nessus, Metasploit, OWASP ZAP, and Cariddi.
• In-depth knowledge of network protocols, cryptography, web application security
• Strong background in manual exploitation of vulnerabilities, particularly in line with the OWASP Top 10 and beyond.
• Proficiency in scripting languages such as Python, JavaScript, and other relevant programming languages.
• Extensive experience in conducting security assessments, vulnerability exploitation, and risk reporting.

Additional Skills (Preferred):

• Experience in red teaming assessments with knowledge of industry best practices.
• Knowledge and experience working with intrusion detection and incident response methodologies.
• Experience working in banking or highly regulated environments.
• Mobile application security
• Industry-recognized certifications, such as OSCP, eCPPT, OSEP, CRTO, CRTP or similar certifications, are required.