Penetration Tester

Penetration Tester

About the Role

We are looking for a skilled and curious Penetration Tester to join our security team. You will be responsible for simulating real-world attacks against our clients' infrastructure, applications, and people helping them find and fix vulnerabilities before malicious actors do. You'll work across a variety of engagements, from black-box network assessments to red team operations, and produce clear, actionable reports for both technical and executive audiences.

Key Responsibilities

• Plan and execute penetration tests across web applications, APIs, internal/external networks, cloud environments, and mobile applications.
• Conduct red team exercises including social engineering, phishing simulations, and physical security assessments.
• Identify, exploit, and document vulnerabilities in a controlled and responsible manner.
• Produce high-quality written reports detailing findings, risk ratings, and remediation recommendations.
• Present results to both technical teams and non-technical stakeholders.
• Stay current with the latest attack techniques, CVEs, and security research.
• Contribute to internal tooling, playbooks, and methodology development.
• Optionally support clients through remediation and re-testing cycles.

Required Skills & Experience

• 2+ years of hands-on penetration testing experience (commercial or demonstrable equivalent).
• Proficiency with industry-standard tools: Burp Suite, Metasploit, Nmap, Nessus/OpenVAS, Cobalt Strike or similar C2 frameworks, Bloodhound/SharpHound, Impacket.
• Strong understanding of OWASP Top 10 and common web application vulnerabilities.
• Experience with Active Directory attacks (Kerberoasting, Pass-the-Hash, lateral movement).
• Familiarity with at least one scripting/programming language (Python, Bash, PowerShell).
• Ability to write clear, structured, professional pentest reports in English.
• Knowledge of common compliance frameworks (ISO 27001, NIS2, DORA, PCI-DSS) is a plus.

Nice to Have

• Certifications such as OSCP, OSEP, CEH, CREST CRT/CCT, or equivalent.
• Experience with cloud penetration testing (AWS, Azure, GCP).
• Mobile application testing (Android/iOS).
• Contributions to open-source security tools or CVE disclosures.
• Experience in OT/ICS or embedded systems security.