Penetration Tester

C2C Role

Please share Profiles at

Hi,

Urgent need,

Job Title: ( Mid-Level ) Penetration Tester

Location: Remote

Duration: 6 - 12 months

Job Summary:

The Mid-Level Penetration Tester independently delivers penetration testing engagements and acts as a technical anchor for junior team members. The role balances deep technical execution, client-facing communication, and risk-based judgement aligned to enterprise and regulated environments.

This role is accountable for end-to-end test delivery quality.

Core Responsibilities

• Independent Test Delivery
• Lead and execute penetration testing engagements across:
• External and internal network testing
• Web application and API security testing
• Active Directory and identity-centric attack paths
• Cloud security testing (AWS, Azure, Google Cloud Platform)
• Develop attack paths that reflect real-world adversary behavior.
• Conduct authorized exploitation, post-exploitation, and lateral movement where permitted.
• Client Interaction & Scoping Support

Participate in:

• Pre-engagement scoping and assumptions validation
• Rules of Engagement walkthroughs
• Close-out and remediation discussions
• Translate technical findings into clear, business-relevant risk statements.
• Support retesting activities and validation of remediation.
• Reporting Ownership & Quality
• Own penetration test reporting end-to-end, including:
• Executive summaries
• Risk prioritization
• Clear remediation guidance
• Ensure reports meet internal QA standards and client expectations.
• Peer-review junior tester output and provide corrective guidance.
• Mentorship & Practice Contribution
• Provide on-the-job coaching to junior penetration testers.

Contribute to:

• Internal testing methodologies
• Tooling improvements
• Reusable attack patterns and playbooks
• Support estimation and effort-sizing inputs for future engagements.
• Required Skills & Experience
• Technical Depth
• Strong hands-on experience with:
• Web and API exploitation
• Network and AD security testing
• Authentication and authorization weaknesses
• Cloud misconfiguration and identity risks
• Advanced proficiency with tools such as:
• Burp Suite Pro
• Metasploit
• BloodHound
• Scripting for automation or exploit development (Python preferred).

Experience

• 5 years of professional penetration testing experience.
• Proven track record delivering client-facing engagements.
• Experience in enterprise or regulated environments preferred.

Certifications (Strongly Preferred)

• CREST CRT or CCT
• OSCP
• Burp Suite Certified Practitioner
• Cloud security certifications (AWS / Azure)

Thanks and regards

Shaik Wazeed

Sureminds Solutions