Role Overview:
We are seeking a driven and technically proficient Penetration Tester. The ideal candidate will have solid experience in performing end-to-end Vulnerability Assessments and Penetration Testing (VAPT) across various environments, possess strong reporting and scripting skills, and demonstrate the ability to engage with clients during both pre-sales and project delivery phases. This is an excellent opportunity for someone looking to grow their career within a CREST-accredited organization that delivers high-impact services to critical industries.
Responsibilities:
Penetration Testing & Security Assessments
- Plan, execute, and document penetration tests on web applications, mobile apps, APIs, infrastructure, cloud environments, and internal/external networks (black-, grey-, and white-box testing).
- Perform source code reviews to uncover insecure code practices and logical vulnerabilities.
- Develop custom proof-of-concept (PoC) scripts and exploits in Python, PHP, JavaScript, and HTML.
- Utilize industry-standard tools including Burp Suite, Nessus, Checkmarx, HCL AppScan, WebInspect, and manual testing techniques.
- Conduct compliance-aligned security assessments based on OWASP, NIST, CREST, and MITRE ATT&CK frameworks.
Reporting & Documentation
- Prepare detailed technical and executive reports, risk analysis, and remediation recommendations.
- Draft and maintain standardized test plans, methodologies, and reporting templates.
- Perform peer reviews of reports and assessments for accuracy, clarity, and technical depth.
Client Engagement & Pre-Sales
- Support pre-sales activities including technical scoping, requirement gathering, and proposal development.
- Participate in client-facing meetings to explain findings, provide mitigation advice, and manage expectations when needed.
Requirements:
- Minimum 4 years of penetration testing experience
- CREST CRT and CPSA certified (preferred)
- Other Security certifications: OSCP, OSWP, HTB, CBBH, CISSP (Bonus)
- Red Team experience (Bonus)
- Strong knowledge of OWASP Top 10, MITRE ATT&CK, CVSS, and secure coding practices
- Strong scripting and automation skills using Python, PowerShell, or Bash
- Experience with both automated tools and manual testing techniques
- Strong written and verbal communication skills, especially for reporting and client presentations
- Ability to manage multiple projects and deadlines in a fast-paced consulting environment
Recommended Qualifications:
- Experience with cloud security testing (AWS, Azure, GCP)
- Knowledge of DevSecOps or CI/CD integration with security tools
- Familiarity with red teaming, adversary emulation, or purple teaming
- Involvement in bug bounty programs or CTFs