Security Analyst (Penetration Testing)

Location: Remote (South Africa) Ideally Gauteng
Type: Permanent Junior to Mid Level

About Redherd

Redherd is a specialist cybersecurity recruitment and advisory firm working globally with security consultancies product companies and technology organisations. We partner closely with technically strong teams to identify high-impact security talent across offensive security cloud security vulnerability research and threat intelligence.

About the Client

Our client is a respected cybersecurity consultancy delivering offensive security and cyber threat intelligence services to organisations across regulated industries including financial services retail and technology. The team works with clients both locally and internationally and operates with a strong emphasis on technical quality research and professional development.

Role Overview

We are seeking a Junior to Mid-Level Security Analyst / Penetration Tester to join a growing offensive security team.

This role is ideal for security professionals early in their offensive security career who want to deepen their hands-on penetration testing skills across modern environments including web applications APIs infrastructure cloud platforms and mobile applications.

You will work alongside experienced penetration testers performing real-world security assessments learning advanced testing techniques and developing practical exploitation and reporting skills.

The position is well suited to individuals who are curious technically motivated and passionate about discovering vulnerabilities and understanding how systems can be broken and secured.

Key Responsibilities

Security Testing & Analysis

Assist in performing penetration tests across web applications APIs mobile applications infrastructure environments and cloud systems.
Identify and validate security vulnerabilities such as authentication flaws insecure access controls and common OWASP vulnerabilities.
Support external and internal infrastructure testing including network and Active Directory environments.
Assist with cloud security assessments across platforms such as AWS and Azure.
Use industry-standard tools and manual testing techniques to identify security weaknesses.

Vulnerability Validation & Reporting

Document testing activities and maintain clear testing notes and evidence.
Assist in preparing technical reports with vulnerability descriptions and remediation guidance.
Work with senior analysts to validate findings and assess business impact.
Participate in report reviews and quality assurance processes.

Learning & Professional Development

Develop technical skills across manual testing exploitation techniques and security tooling.
Participate in internal knowledge sharing labs and research initiatives.
Contribute to improving testing methodologies scripts or internal tools.
Stay current with emerging vulnerabilities tools and attack techniques.

Required Experience

13 years of experience in penetration testing vulnerability assessment or offensive security related work.
Foundational understanding of web application security concepts and OWASP Top 10 vulnerabilities.
Familiarity with penetration testing tools such as Burp Suite Nmap Kali Linux or similar security tooling.
Basic scripting ability in Python Bash or PowerShell.
Strong curiosity and willingness to learn offensive security techniques.
Good written communication skills and ability to document technical findings clearly.

Nice to Have

Certifications such as eJPT eWPT PNPT OSCP CREST CPSA or similar.
Exposure to API security testing mobile security testing or cloud security concepts.
Experience with CTFs Hack The Box TryHackMe or security labs.
Familiarity with Linux systems networking fundamentals or Active Directory environments.
Personal projects research or community involvement within cybersecurity.