Penetration Tester with CISSP

Role Overview

We are looking for a Senior Consultant to lead advanced offensive security engagements, including red teaming, application security testing, and cloud/infrastructure assessments. This role requires deep technical expertise, strong delivery ownership, and the ability to simulate real-world threat actors in mature security environments.

Key Responsibilities

• Lead end-to-end Red Team engagements using black-box and grey-box approaches:
  • OSINT, reconnaissance, credential harvesting
  • Initial access, lateral movement, persistence, and data exfiltration scenarios
• Design and execute attack scenarios aligned with real-world threat actors (MITRE ATT&CK)
• Perform advanced Web Application Penetration Testing:
  • Authenticated testing, business logic abuse, API security, session/auth flaws
  • Lead Infrastructure & Cloud Security Assessments (VPN security -  SSL/IPSec, secure configuration validation, AWS security assessments, architecture, configurations, security controls review)
• Conduct and oversee:
  • Phishing simulations and credential attacks (password spraying)
  • Adversary simulation exercises (Red/Blue Team)
• Support Blue Team validation by simulating realistic attack paths requiring detection & response
• Physical Security & Social Engineering Assessments:
  • Tailgating, impersonation, visitor-based access scenarios
• Mentor junior team members and review technical deliverables
• Produce executive-ready reports with risk-based prioritization and evidence-backed findings
• Engage with client stakeholders and support regulatory/security assurance requirements

Required Skills & Experience

• 6–10+ years in penetration testing / red teaming / adversary simulation
• Deep expertise in:
  • Application security (OWASP Top 10, auth, APIs, logic flaws)
  • Network and infrastructure exploitation
  • Active Directory attacks, credential abuse, lateral movement
  • VPN and remote access security
  • Cloud security (AWS preferred – multi-account environments)
• Strong hands-on with:
  • Cobalt Strike , Burp Suite Pro, BloodHound, Mimikatz, Metasploit
• Experience working in regulated environments (financial sector preferred)

Preferred Certifications

• CISM  
• OSCP, OSCE, CRTO, CISSP (highly desirable)

Leadership & Delivery Expectations

• Ability to lead complex, multi-layered engagements independently
• Strong stakeholder communication and reporting skills
• Ability to align testing outcomes with regulatory and risk-based objectives

Good to Have

• Experience with:
  • Physical security assessments & social engineering
  • Tabletop exercises (TTX) and cyber resilience validation
  • O365 security testing