Senior Penetration Tester / Lead Red Team

Job Title:

Senior
Penetration Tester / Lead – Red Team

About NopalCyber

NopalCyber makes cybersecurity manageable, affordable,
reliable, and powerful for companies that need to be resilient and compliant.
Through Managed Extended Detection and Response (MXDR), Attack Surface
Management (ASM), Breach and Attack Simulation (BAS), and Advisory Services, we
fortify our clients’ cybersecurity across both offense and defence.

Our AI -driven Nopal360° platform, NopalGo mobile app,
and proprietary Cyber Intelligence Quotient (CIQ) enable organizations to
quantify, track, and visualize their cybersecurity posture in real time. We
democratize enterprise -grade security operations for organizations of all sizes
by lowering the barrier to entry while raising the bar for security and
service.

Key Responsibilities

• Perform
  advanced Vulnerability Assessment and Penetration Testing (VAPT) across
  external infrastructure, internal networks, web and mobile applications,
  APIs, and cloud environments (AWS, Azure, GCP).
  
• Conduct
  CIS Benchmark -based hardening assessments and implementations across
  operating systems (Windows, Linux), databases, middleware, network
  devices, and cloud platforms.
  
• Deliver
  customized hardening guides and security baselines mapped to
  client -specific compliance requirements and regulatory frameworks.
  
• Execute
  Dynamic Application Security Testing (DAST) on web and API applications
  (both authenticated and unauthenticated) using enterprise -grade tools;
  analyze, validate, and prioritize findings with actionable remediation
  guidance.
  
• Run
  Breach and Attack Simulation (BAS) scenarios to test resilience against
  real -world adversary tactics, techniques, and procedures (TTPs).
  
• Prepare
  comprehensive technical reports and executive -level summaries highlighting
  vulnerabilities, attack paths, misconfigurations, and compliance gaps.
  
• Continuously
  research emerging attack vectors, zero -day vulnerabilities, DAST
  methodologies, and new CIS benchmark updates to refine assessment
  strategies.
  
• Contribute
  to Ransomware Resiliency Assessments (RRA) by simulating ransomware
  behaviors and evaluating control effectiveness.
  

Required Skills & Experience

• 8–12
  years of direct, hands -on cybersecurity consulting experience, with deep
  expertise in VAPT, CIS benchmarking, and application security testing
  (DAST).
  
• Proven
  track record performing end -to -end penetration tests and dynamic
  application security scans using industry tools such as Burp Suite Pro,
  OWASP ZAP, Nessus, Qualys, Netsparker, Acunetix, and custom scripts.
  
• Strong
  understanding of web application security flaws (OWASP Top 10, API
  security issues, authentication/authorization flaws, injection attacks,
  deserialization, SSRF, RCE, etc.) and ability to exploit and document
  them.
  
• Solid
  understanding of network protocols, operating system behaviors, and common
  application security principles relevant to modern IT environments.
  
• Hands -on
  experience with CIS Benchmark implementation and verification across
  diverse platforms, ensuring alignment with client compliance mandates.
  
• Familiarity
  with BAS tools and adversary emulation frameworks to measure detection and
  response maturity.
  
• Proficiency
  in scripting/automation (Python, PowerShell, Bash) to extend testing
  capabilities or validate findings.
  
• Working
  knowledge of security architecture frameworks (e.g., SABSA) and threat
  modeling methodologies (e.g., STRIDE, kill chains, attack trees) to
  support risk -informed vulnerability assessments, hardening efforts, and
  remediation planning.
  
• Ability
  to write and present detailed remediation reports, security
  recommendations, and compliance -aligned hardening outputs.
  
• Strong
  communication skills to convey technical findings to technical and
  executive stakeholders.
  

Preferred Qualifications

• Bachelor’s
  degree in engineering, Computer Science, or related discipline.
  
• CEH
  Certification (Mandatory) plus one or more advanced certifications:
  
• OSCP
  (Offensive Security Certified Professional)
  
• eCPPT
  (eLearn Security Certified Professional Penetration Tester)
  
• CompTIA
  Pentest+
  
• CRTP
  / CRTE (Certified Red Team Professional/Expert)
  
• CIS -CAT
  Pro Assessor or equivalent CIS Benchmark credentials
  
• Familiarity
  with MITRE ATT&CK and adversary simulation frameworks.
  

Preferred Qualifications

• Self -starter and quick learner requiring minimal ramp -up
  
• Excellent written, oral, and interpersonal communication
  skills
  
• Highly self -motivated, self -directed, and attentive to detail
  
• Ability to effectively prioritize and execute tasks in a
  high -pressure environment
  

Location: Nopal Cyber, Hyderabad (Work from Office, 5 Days a
Week)

Employment Type: Full -time