Penetration Tester

We are seeking a highly skilled and experienced Cybersecurity Consultant with over 5 years of proven expertise in penetration testing, red teaming, vulnerability assessment , and Active Directory exploitation . In this role, you will simulate real-world attack scenarios, uncover critical vulnerabilities, and provide technical remediation guidance to strengthen security postures. You will also mentor junior team members and work cross-functionally to embed security best practices throughout the organization. Key Responsibilities Perform manual penetration testing on a variety of targets including: Web applications Internal business applications APIs Internal and external networks Mobile applications Plan and execute network penetration testing and Red Team assessments to simulate sophisticated threat actor behavior. Conduct Active Directory and Windows infrastructure testing , including attacks on Certificate Services , Kerberos , and NTLM . Execute social engineering assessments , including phishing campaigns and physical security evaluations. Conduct OSINT investigations to identify public exposure of sensitive assets or credentials. Customize and develop tools, scripts, and proof-of-concept exploits to meet specific operational goals. Continuously research emerging threats, vulnerabilities, attack vectors, and security technologies. Present detailed technical reports to stakeholders with risk ratings, impact summaries, and actionable remediation steps. Work closely with development, IT, and business teams to integrate security into project lifecycles and DevOps pipelines. Mentor junior team members , contribute to knowledge sharing, and promote security awareness throughout the organization. Required Skills and Qualifications Minimum 5 years of professional experience in cybersecurity with a focus on: Network and web application penetration testing Red teaming engagements Vulnerability assessments and exploit development In-depth understanding of: Network protocols and system architectures Microsoft enterprise infrastructure (Windows Servers, Active Directory, AD CS, Azure) Web and mobile application security , authentication mechanisms, and encryption Experience with manual exploitation techniques , as well as using and customizing tools like: Burp Suite, Nmap, Metasploit, BloodHound, Cobalt Strike, etc. Knowledge of social engineering attack vectors and security awareness testing Ability to perform business logic assessments and identify flaws beyond automated scanning Strong communication skills, including the ability to translate technical findings into executive-level reports Preferred Certifications One or more of the following certifications are highly desirable: OSCP Offensive Security Certified Professional OSEP Offensive Security Experienced Penetration Tester CRTP / CRTO Certified Red Team Professional / Operator OSWA / GWAPT Web Application Security Certs Professional Attributes Excellent analytical and problem-solving skills High degree of attention to detail Strong written and verbal communication skills Self-motivated with a proactive approach to learning and threat research Comfortable working both independently and in collaborative team settings