Penetration Tester

Senior Penetration Tester with deep expertise in application security. The ideal candidate will be responsible for planning, executing, and documenting comprehensive penetration tests, including advanced manual testing techniques and contribute to strengthening our security posture by recommending practical solution principles and secure coding practices.

Key Responsibilities:

• Conduct comprehensive penetration tests on web/mobile/cloud applications, firmware, and hardware devices.
  


• Perform manual security testing beyond automated tools to uncover complex vulnerabilities.
  


• Analize systems and architecture to identify security risks and attack surfaces.
  


• Use industry-standard tools such as Metasploit, Burp Suite, Nmap, Wireshark, Nessus, and custom scripts for exploitation and reconnaissance.
  


• Simulate real-world attack scenarios to evaluate system resilience.
  


• Develop and present detailed reports with proof-of-concept (PoC), risk assessments, and remediation guidance.
  


• Collaborate with development and DevOps teams to suggest secure coding practices and fix vulnerabilities at the root.
  


• Stay up to date with emerging threats, vulnerabilities, and industry trends.
  

Must-Have Qualifications:

• 8–10 years of hands-on experience in penetration testing (application and hardware).
  


• Strong knowledge of OWASP Top 10, SANS 25, and common vulnerability patterns.
  


• Deep familiarity with exploit frameworks (e.g., Metasploit), reverse engineering, and hardware-level attack techniques (e.g., JTAG, UART, SPI).
  


• Experience analyzing and testing embedded systems, IoT devices, and network appliances.
  


• Ability to explain vulnerabilities to non-security stakeholders with clarity.
  


• Proven experience in crafting custom exploits or payloads.
  


• Solid understanding of secure development lifecycle (SDLC) and CI/CD pipeline integration.
  


• Certifications like OSCP, OSCE, GPEN, or similar are a strong plus.
  

Nice-to-Have Skills:

• Knowledge of containerized environments.
  


• Familiarity with secure boot, firmware integrity, and hardware encryption modules.
  


• Contribution to bug bounty platforms or CVE submissions.