Penetration Tester

  • Minnetonka, MN
  • Posted 2 days ago | Updated 2 days ago

Overview

Hybrid
$50 - $70
Accepts corp to corp applications
Contract - Independent
Contract - 12 Month(s)

Skills

API
Amazon EC2
Amazon RDS
Amazon S3
Amazon Web Services
Burp Suite
Certified Ethical Hacker
Cloud Computing
Cloud Security
Collaboration
Communication
Computer Networking
Continuous Delivery
Continuous Integration
DevOps
FOCUS
GPEN
IBM Security AppScan
Java
LAMP
Load Balancing
MEAN Stack
Metasploit
Microsoft Azure
Mobile Applications
Network Security
OSCP
OWASP
Objective-C
PHP
Penetration Testing
Perl
Python
Remote Desktop Services
Research
Routing
SANS
SSL
Security Architecture
Software Development Methodology
Software Security
Stacks Blockchain
TCP/IP
TLS
Testing
WebInspect

Job Details

Key Responsibilities

  • Perform manual and automated penetration testing of web and mobile applications.
  • Lead security assessments using DAST and SAST tools (e.g., Burp Suite, ZAP, Checkmarx, AppScan, WebInspect, Acunetix).
  • Evaluate and secure cloud environments (AWS and Azure) including EC2, S3, RDS, VNets, and Azure DevOps pipelines.
  • Conduct API security reviews, enforce secure coding practices, and validate implementations against best practices.
  • Perform code reviews in Python, Java, PHP, Perl, and Objective-C to identify vulnerabilities.
  • Provide architecture-level feedback on SSL/TLS, networking, load balancing, and ACL configurations.
  • Develop and maintain Application Security Programs with a focus on CI/CD integration and secure SDLC.
  • Lead scoping calls with stakeholders, define testing approaches, and present findings/reports.
  • Actively research emerging exploits and contribute to vulnerability discovery (e.g., CTF, Hack the Box).
  • Collaborate with engineering and product teams to ensure remediation strategies are adopted.

Required Skills

  • 8+ Years of experience.
  • Strong knowledge of OWASP Top 10, NIST, and secure SDLC.
  • Proficiency in penetration testing tools: Burp Suite, Metasploit, ZAP, Checkmarx, AppScan.
  • Hands-on cloud security expertise in AWS (EC2, S3, RDS, KMS) and Azure security architecture.
  • Strong programming background in Python, Java, PHP, Perl, Objective-C for code review and exploit development.
  • In-depth knowledge of network security concepts: SSL/TLS, TCP/IP, ACLs, routing, load balancing.
  • Familiarity with LAMP, LEMP, and MEAN stacks from a security perspective.
  • Excellent communication skills for both technical and business stakeholders.

Required Certifications

  • OSCP / OSWA / CEH, or SANS (GWAPT, GPEN, GWEB)

About Vipany Global