Senior Security Penetration Tester

POSITION OVERVIEW

We are seeking a highly skilled and analytical Senior Security Penetration Tester to join our Cyber Security team. This is not a checklist-based role; we are looking for a dedicated security professional who possesses an "adversarial mindset." The successful candidate will go beyond automated scanning to perform deep-dive manual exploitation, identifying complex logic flaws and architectural weaknesses that automated tools often overlook.

KEY RESPONSIBILITIES

• Full-Spectrum Penetration Testing: Execute comprehensive security assessments across diverse environments, including Web Applications, Mobile Platforms (iOS/Android), Cloud Infrastructure (AWS/GCP), and internal corporate networks.
• Deep-Dive API & IAM Analysis: Perform rigorous testing on the "backbone" of our digital services, focusing on API security, authentication protocols, and Identity & Access Management (IAM) to prevent unauthorized privilege escalation.
• Vulnerability Chaining & Impact Analysis: Correlate disparate vulnerabilities to build comprehensive attack scenarios. Demonstrate the potential business impact of findings through clear, reproducible Proof of Concepts (PoC).
• Strategic Remediation & Reporting: Deliver high-quality technical reports for both technical and executive audiences. Provide actionable, risk-based remediation guidance to development teams to strengthen the organizational security posture.
• Security Research: Stay abreast of the latest threat actor TTPs (Tactics, Techniques, and Procedures) and integrate new exploitation methods into the testing lifecycle.

DESIRED QUALIFICATIONS (NICE-TO-HAVE)

• Specialized Domain Knowledge: Previous experience in Game Security (including client/server architecture and anti-cheat systems) is highly regarded.
• Professional Certifications: Holding industry-recognized certifications such as - OffSec: OSWE, OSCP, or OSEP and/or HTB/TCM: CWES, CWEE, PWPE, or PMPA.
• Specialized: CMSE (Cloud), ASCP (API), or GIAC (GMOB, GWAPT, GCPN).
• Industry Contributions: Active participation in Bug Bounty programs (HackerOne, Bugcrowd) or a history of discovered and documented CVEs.