Penetration Tester

Notes:

• An assessment test will be sent to candidate (not coding)
• Locals preferred but will entertain relocation for good candidates

Job Description:

• Candidates should have combination of working in 3rd party penetration testing service and internal penetration test team.
• Candidates should have both experience of working on different system as well as sleeping on a system to find vulnerability.
• Candidates should know Browser Security Complete Penetration testing scenarios and Exploitation techniques.
• Why browser security Because all the interaction is through browser and some of vulnerabilities and exploitation technique rely on browser because developer customize the browser behavior based on the application.

About the Role:

• We are looking for a Senior Offensive Security Engineer to proactively identify exploit and help eliminate security weaknesses across our web platforms and AI/ML systems.
• In this role you will think like an attacker operate with engineering rigor and work closely with product platform and AI teams to raise the security bar across the organization.
• You will lead complex penetration tests design novel attack techniques for web and modern AI-powered applications and influence secure-by-design architecture at scale.

Responsibilities:

• Conduct offensive security assessments on large-scale web applications REST APIs and cloud-backed services.
• Identify and validate vulnerabilities including injection flaws access control issues authentication/authorization weaknesses SSRF deserialization and logic bugs.
• Design and execute red team style engagements simulating real-world adversaries.
• Develop custom exploitation tools PoCs and fuzzers for web and AI attack surfaces.
• Identify systemic security weaknesses and collaborate with engineering teams to drive long-term mitigations.
• Review architectures and designs for new products with an attacker mindset.
• Produce clear actionable security reports and present findings to technical and executive stakeholders.

Must Have:

• Ethical hacking in threat lab
• Red Team- Black Box testing
• Threat modeling.
• API Testing/Security
• Web Vulnerabilities
• Code reviews

Minimum Qualifications

• Masters degree in computer science Computer Engineering Information Security or a closely related technical field.
• Doctorate (PhD) in a relevant field is a plus but not required.
• 5 years of experience in offensive security penetration testing or red teaming.
• Deep expertise in web application security.
• Strong understanding of API security.
• Hands-on experience testing AI/ML or LLM-based systems or strong motivation with demonstrated research in this area.
• Proficiency in at least one scripting or programming language (Python Go JavaScript or similar).
• Strong knowledge of common exploitation techniques and attacker tooling.

Preferred Qualifications:

• Prior work on adversarial ML red-teaming AI systems or secure LLM pipeline
• design.
• Experience with cloud security (AWS GCP Azure) and containerized environments.
• Background in security research published CVEs CTF experience blog posts or conference talks.
• OSCP OSEP OSWE CRTO or similar.

What We Look For:

• An attacker-first mindset with strong engineering discipline.
• Ability to go beyond scanners and find novel high-impact vulnerabilities.
• Clear communicator who can translate complex exploits into actionable fixes.
• Curiosity about emerging threats especially in AI security.
• Ownership mentality and comfort operating in ambiguous problem spaces.