The Penetration Tester is responsible for identifying, exploiting, and validating security vulnerabilities across applications, networks, and systems to strengthen the organization's security posture. The role involves performing comprehensive vulnerability assessments and penetration testing engagements using both automated and manual techniques, while providing actionable insights and remediation recommendations.
Working closely with development, infrastructure, and security teams, the Penetration Tester supports the identification of risks, validates mitigation controls, and contributes to enhancing secure development and operational practices. The role also plays a key part in ensuring alignment with industry standards and best practices in application and infrastructure security.
Requirements:
Vulnerability Assessment & Penetration Testing
- Perform end-to-end vulnerability assessments and penetration testing (VAPT) across applications, networks, and systems
- Conduct web application, mobile application, and API security testing using both automated and manual techniques
- Perform network penetration testing to identify infrastructure vulnerabilities and misconfigurations
- Execute mitigation validation and re-testing activities, including testing for bypass techniques
Security Testing & Analysis
- Identify and exploit security vulnerabilities across different environments and technology stacks
- Conduct false positive and false negative analysis and provide accurate validation of findings
- Perform secure code reviews when required to identify application-level vulnerabilities
- Analyze findings and prioritize risks based on severity and business impact
Reporting & Remediation Support
- Document vulnerabilities, testing methodologies, and remediation recommendations in detailed reports
- Present findings to technical and non-technical stakeholders, including senior personnel
- Provide guidance to development and infrastructure teams on remediation approaches
- Perform re-testing of remediated vulnerabilities to ensure closure
Tools & Methodologies
- Utilize industry-standard tools such as Burp Suite, Metasploit, Kali Linux, intercepting proxies, and other security testing tools
- Apply frameworks such as OWASP Top 10 and OWASP Testing Methodologies
- Stay updated with emerging threats, vulnerabilities, and penetration testing techniques
Collaboration & Continuous Improvement
- Collaborate with security, development, and infrastructure teams to improve security practices
- Contribute to improving internal testing methodologies and frameworks
- Support the development of security standards, guidelines, and best practices
Requirements
- 3-5 years of experience in penetration testing, vulnerability management, or information security roles
- Proven experience in web, mobile, API, and network penetration testing
- Bachelor's degree in Computer Science, Information Security, or a related field
- Relevant certifications such as: OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), CISSP (preferred)
- Strong understanding of modern threat landscapes and attack methodologies
- Ability to work on multiple engagements and manage competing priorities
- Commitment to maintaining up-to-date knowledge of vulnerabilities, exploits, and security tools
