Senior Penetration Tester

• Jobseeker Video Testimonials
  
• Employee Glassdoor Reviews
  

We are an IT Solutions Integrator/Consulting Firm helping our clients hire the right professional for an exciting long-term project. Here are a few details.

Requirements

We are seeking experienced Penetration Testers with strong hands-on expertise in manual Web and Mobile Application Security Testing. The ideal candidate should possess deep offensive security knowledge practical vulnerability assessment experience and the ability to perform advanced manual testing across modern application environments APIs networks and emerging AI-enabled systems.

The role requires strong analytical capability stakeholder communication skills and experience delivering actionable security recommendations aligned with business risk.

Key Responsibilities

• Lead and support technical scoping of penetration testing and offensive security engagements based on business requirements architecture reviews and risk assessments.
  
• Perform advanced manual penetration testing across:
  • Web Applications
    
  • Mobile Applications (Android & iOS)
    
  • APIs / Web Services
    
  • Network Environments
    
  • Thick Client Applications
    
• Assess complex application and infrastructure architectures to identify attack paths security gaps and design weaknesses.
  
• Conduct hands-on validation of vulnerabilities and distinguish exploitable findings from false positives.
  
• Provide consultative risk-based remediation guidance to stakeholders through verbal discussions and detailed written reports.
  
• Prepare high-quality technical reports and executive summaries outlining risk exposure business impact and remediation recommendations.
  
• Conduct vulnerability research exploit validation and focused security research activities.
  
• Contribute to enhancement of penetration testing methodologies standards playbooks and internal processes.
  
• Leverage scripting automation and AI-assisted techniques to improve testing efficiency and coverage.
  
• Support testing of AI-enabled applications including:
  • LLM Security Testing
    
  • Prompt Injection Testing
    
  • AI Misuse Scenario Validation
    
  • AI-assisted Exploit Research
    
• Maintain technical proficiency through continuous learning certifications training and research.
  
• Manage multiple engagements simultaneously while ensuring quality and timely delivery.
  
• Effectively communicate penetration testing capabilities and service offerings to internal and external stakeholders.
  

Required Qualifications

• 58 years of hands-on experience in:
  • Manual Web Application Penetration Testing
    
  • Manual Mobile Application Penetration Testing
    
  • API / Web Services Security Testing
    
  • Network Penetration Testing
    
• Strong expertise in identifying and exploiting common application and infrastructure vulnerabilities.
  
• Experience with security testing tools such as:
  • Burp Suite
    
  • OWASP ZAP
    
  • Metasploit
    
  • SQLMap
    
  • Nmap
    
  • Postman
    
  • Swagger
    
  • Qualys
    
• Strong experience using Kali Linux or similar penetration testing platforms.
  
• Good understanding of:
  • OWASP Top 10
    
  • OWASP API Security Top 10
    
  • MITRE ATT&CK Framework
    
  • Application Security Principles
    
  • Attack Methodologies
    
• Working knowledge of scripting languages such as Python Bash or PowerShell.
  
• Strong analytical troubleshooting and communication skills.
  
• Ability to explain technical vulnerabilities and remediation steps to both technical and non-technical stakeholders.
  
• Experience working in fast-paced multi-stakeholder global delivery environments.
  

Preferred Qualifications

• Exposure to:
  • OWASP LLM Top 10
    
  • AI-assisted Security Testing
    
  • AI-enabled Application Security Assessments
    
  • Reverse Engineering Techniques
    
  • Cloud Security Testing
    
  • SAST / DAST tools
    
• Familiarity with secure coding practices and remediation validation.
  
• Relevant certifications are advantageous but not mandatory:
  • OSCP
    
  • OSWE
    
  • OSEP
    
  • GPEN
    
  • GWAPT
    
  • GMOB
    
  • eCPPT
    

Benefits