Penetration Tester

Cape Town, Western Cape · Information Technology
We are seeking a skilled Penetration Tester (Ethical Hacker) to identify and exploit vulnerabilities in our clients' systems, networks, and applications before malicious actors can. The ideal candidate will have hands-on experience in ethical hacking, vulnerability assessment, and penetration testing across web apps, mobile apps, APIs, cloud environments, and network infrastructure.
You will conduct simulated cyberattacks (with permission), document security flaws, and provide actionable remediation strategies. Strong knowledge of OWASP Top 10, MITRE ATT&CK, and industry-standard penetration testing tools is essential.
Key Responsibilities
Penetration Testing & Ethical Hacking
  • Perform black-box, white-box, and gray-box penetration tests on web applications, APIs, mobile apps, and networks.
  • Conduct external and internal network penetration tests (e.g., Active Directory, firewalls, VPNs).
  • Identify and exploit OWASP Top 10 vulnerabilities (SQLi, XSS, CSRF, SSRF, RCE, etc.).
  • Perform cloud security assessments (AWS, Azure, GCP) for misconfigurations and vulnerabilities.
  • Simulate social engineering attacks (phishing, pretexting, physical security breaches).
  • Test IoT devices, embedded systems, and industrial control systems (ICS/SCADA) (if applicable).
Vulnerability Assessment & Exploitation
  • Use Burp Suite, OWASP ZAP, Metasploit, Nmap, and Cobalt Strike for vulnerability discovery.
  • Perform privilege escalation, lateral movement, and post-exploitation techniques.
  • Conduct red teaming exercises to test detection and response capabilities.
  • Analyze binary exploits (buffer overflows, memory corruption) in applications.
Reporting & Remediation Guidance
  • Document findings in detailed penetration test reports with CVSS scoring.
  • Provide clear remediation steps for developers and IT teams.
  • Present findings to technical and non-technical stakeholders.
  • Assist in retesting fixed vulnerabilities to ensure proper mitigation.
Security Research & Tool Development
  • Stay updated on the latest exploits, zero-day vulnerabilities, and attack techniques.
  • Develop custom scripts (Python, Bash, PowerShell) for automation.
  • Contribute to open-source security tools or internal security projects.
Required Skills & Qualifications
Technical Skills
 Penetration Testing Tools:
  • Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, Cobalt Strike, SQLmap, Wireshark
  • Kali Linux, Parrot OS, and offensive security toolkits
 Exploitation Techniques:
  • Web app hacking (SQLi, XSS, SSRF, CSRF, IDOR, etc.)
  • Network penetration (Active Directory attacks, pivoting, MITM)
  • Cloud security (AWS/Azure/GCP misconfigurations, IAM flaws)
  • Mobile app security (Android/iOS reverse engineering, Frida, MobSF)
 Programming & Scripting:
  • Python, Bash, PowerShell (for exploit development & automation)
  • Familiarity with C/C++ (for binary exploitation)
 Certifications (Preferred):
  • OSCP (Offensive Security Certified Professional) – Gold Standard
  • CEH (Certified Ethical Hacker)
  • eJPT/eCPPT (eLearnSecurity)
  • CISSP, GWAPT, GPEN, or CREST certifications
Soft Skills & Experience
  • 3+ years of hands-on penetration testing experience.
  • Strong problem-solving, analytical, and report-writing skills.
  • Ability to think like a hacker while maintaining ethical standards.
  • Experience with bug bounty programs (HackerOne, Bugcrowd) is a plus.
