Penetration Tester

Role Summary: We are looking for a skilled and hands-on Mid-Level Penetration Tester to join our offensive security team. The ideal candidate should have strong manual testing skills and experience assessing diverse environments including web applications, APIs, mobile apps, wireless networks, infrastructure, and thick client applications. You’ll be responsible for identifying vulnerabilities, exploiting them ethically, and delivering actionable insights to help improve the organization’s security posture.

Key Responsibilities:

Perform manual penetration tests on:

Web applications (OWASP Top 10, business logic flaws)

REST/SOAP APIs

Mobile applications (Android/iOS)

Wireless networks (WPA2/Enterprise, rogue APs)

Internal/external network infrastructure

Thick client applications (custom-built software)

Simulate real-world attack scenarios, leveraging custom scripts, payloads, and tools to bypass defenses.

Document detailed findings with proof-of-concept, risk ratings, and tailored mitigation recommendations.

Assist with threat modeling and scoping of penetration tests with relevant stakeholders.

Collaborate with developers, system admins, and IT teams during remediation and retesting phases.

Stay current on emerging threats, techniques, and exploits through continuous research.

Contribute to the improvement of internal testing methodologies and reporting templates.

Required Skills & Experience:

Hands-on experience in penetration testing with a strong emphasis on manual testing techniques.

In-depth understanding of web technologies (HTML, JavaScript, HTTP/S, cookies, sessions).

Familiarity with OWASP Top 10, MITRE ATT&CK, and CWE/SANS 25.

Experience with tools like Burp Suite Pro, OWASP ZAP, Postman, Wireshark, Nmap, and custom scripts.

Knowledge of common authentication/authorization mechanisms (OAuth2, JWT, SSO).

Hands-on experience in testing mobile apps using tools like MobSF, Frida, or JADX.

Proficiency in scripting (Python, Bash, PowerShell) for custom exploit development or automation.

Ability to manually analyze application logic and chain vulnerabilities creatively.