Penetration Tester

Senior Penetration Tester / Offensive Security Consultant

Overview

We’re not looking for a checkbox pentester. We’re hiring an operator who can break real environments, articulate risk in business terms, and help scale offensive security as a service line.

This role sits at the intersection of technical execution, client advisory, and capability development—ideal for someone who can both run engagements and elevate the function.

Core Responsibilities

1. Offensive Security Execution

• Lead and execute end-to-end penetration testing engagements across:
  • Web applications, APIs, and cloud environments
  • Internal and external network infrastructure
  • Active Directory / Entra ID attack paths
• Conduct red team, purple team, and social engineering operations
• Identify, chain, and exploit vulnerabilities to demonstrate real-world impact
• Perform physical security and wireless testing where applicable

2. Adversary Simulation & Advanced Testing

• Emulate advanced threat actors using MITRE ATT&CK-aligned methodologies
• Execute C2 operations, evasion techniques (AMSI/ETW), and post-exploitation workflows
• Conduct multi-cloud (AWS, Azure, Google Cloud Platform) and container/serverless security assessments
• Perform AI/LLM security testing (prompt injection, RAG abuse, model exploitation)

3. Reporting & Client Advisory

• Translate technical findings into clear, prioritized business risk
• Produce high-quality reports with:
  • Exploitation methodology
  • Impact narratives
  • Actionable remediation strategies
• Serve as a trusted advisor, presenting findings to both technical and executive stakeholders

4. Tooling & Automation

• Develop and enhance automated testing tools and frameworks to improve delivery scale and consistency
• Build or leverage AI-augmented offensive tooling to accelerate engagements
• Optimize workflows using scripting (Python, PowerShell, Bash)

5. Practice Development (Senior-Level Expectation)

• Contribute to or lead offensive security service development and standardization
• Align methodologies with SANS, PTES, OWASP, NIST, ISSAF frameworks
• Support pre-sales, scoping, and solution design
• Mentor junior testers and elevate team capability

Required Qualifications

Technical Experience

• 3–8+ years in penetration testing, red teaming, or offensive security
• Proven experience across:
  • Network, web app, and cloud pentesting
  • Active Directory exploitation and privilege escalation
  • Security tooling (Metasploit, Cobalt Strike, Burp Suite, Nmap, BloodHound, etc.)

Core Skillsets

• Strong understanding of:
  • Authentication, IAM, and federation protocols
  • Defensive controls (EDR, SIEM, firewalls) and how to bypass them
• Hands-on scripting/programming:
  • Python, PowerShell, Bash (additional languages a plus)

Certifications (Preferred but not mandatory)

• OSCP, GPEN, CEH, GCIH, CySA+ or equivalent

Nice-to-Have Differentiators (What Separates Top 10%)

• Experience with physical security exploitation (RFID, locks, access control)
• Background in AI security / offensive AI tooling
• Experience building or scaling penetration testing practices or offerings
• Competitive hacking (CTFs, NCL, CyberPatriot, etc.)
• Exposure to OT/ICS/IoT security environments