Penetration Tester

Overview

Hybrid
$60 - $75
Contract - W2
Contract - Independent
Contract - 12 null

Skills

OSCP
CEH
OSWA
EC2
S3
RDS
KMS
OWASP
Burp Suite
Metasploit
ZAP
Checkmarx

Job Details

Job Description

  • Perform manual and automated penetration testing of web and mobile applications.
  • Lead security assessments using DAST and SAST tools (e.g., Burp Suite, ZAP, Checkmarx, AppScan, WebInspect, Acunetix).
  • Evaluate and secure cloud environments (AWS and Azure) including EC2, S3, RDS, VNets, and Azure DevOps pipelines.
  • Conduct API security reviews, enforce secure coding practices, and validate implementations against best practices.
  • Perform code reviews in Python, Java, PHP, Perl, and Objective-C to identify vulnerabilities.
  • Provide architecture-level feedback on SSL/TLS, networking, load balancing, and ACL configurations.
  • Develop and maintain Application Security Programs with a focus on CI/CD integration and secure SDLC.
  • Lead scoping calls with stakeholders, define testing approaches, and present findings/reports.
  • Actively research emerging exploits and contribute to vulnerability discovery (e.g., CTF, Hack the Box).
  • Collaborate with engineering and product teams to ensure remediation strategies are adopted.

Required Skills

  • 8+ Years of experience.
  • Strong knowledge of OWASP Top 10, NIST, and secure SDLC.
  • Proficiency in penetration testing tools: Burp Suite, Metasploit, ZAP, Checkmarx, AppScan.
  • Hands-on cloud security expertise in AWS (EC2, S3, RDS, KMS) and Azure security architecture.
  • Strong programming background in Python, Java, PHP, Perl, Objective-C for code review and exploit development.
  • In-depth knowledge of network security concepts: SSL/TLS, TCP/IP, ACLs, routing, load balancing.

  • Familiarity with LAMP, LEMP, and MEAN stacks from a security perspective.
  • Excellent communication skills for both technical and business stakeholders.

Required Certifications

  • OSCP / OSWA / CEH, or SANS (GWAPT, GPEN, GWEB)

About Vipany Global