USI -CTS -Cyber -Penetration Tester (Analyst)

USI -CTS -Cyber -Penetration Tester (Analyst)

Key Responsibilities

• Assist in the technical scoping of security testing activities based on client requirements and architecture reviews.

• Execute manual penetration testing across multiple domains, including:

o Web Application Penetration Testing

o Mobile Application Penetration Testing

o Web Services / API Penetration Testing

o Network Penetration Testing

o Thick Client Penetration Testing

• Conduct focused security research when not deployed on active engagements.

• Analyze and understand complex application, infrastructure, and solution architecture designs to identify security weaknesses.

• Provide consultative guidance to stakeholders on vulnerabilities identified, including clear and actionable remediation recommendations, both verbally and in writing.

• Prepare high -quality assessment reports with concise risk articulation and business -relevant recommendations.

• Enhance and update penetration testing methodologies, processes, playbooks, and standards documentation.

• Maintain technical proficiency through ongoing learning, certifications, and structured training paths.

• Effectively communicate the services, capabilities, and value proposition of the penetration testing team to internal and external stakeholders.

• Leverage automation and scripting, including AI -assisted and AI -integrated approaches, to improve testing efficiency and coverage.

• Support vulnerability research and exploit development activities using AI -enabled techniques where appropriate.

• Perform security testing for LLM -enabled applications and AI systems, including validation of common LLM -related risks and misuse scenarios.

Required Qualifications

• Proven experience in manual Web Application Penetration Testing.

• Proven experience in manual Mobile Application Penetration Testing.

• Hands -on experience in API / Web Services Penetration Testing.

• Hands -on experience in Network Penetration Testing.

• Hands -on experience in Thick Client Penetration Testing.

• Strong understanding of common vulnerabilities, attack techniques, and remediation approaches across application and infrastructure security.

• Proficiency in analyzing complex architectures and identifying potential attack paths.

• Strong written and verbal communication skills, with the ability to explain technical findings to both technical and non -technical stakeholders.

• Ability to provide practical, risk -based, and actionable recommendations to clients.

• Experience with security testing tools, manual validation techniques, and scripting/automation to support testing activities.

Preferred Qualifications

• Experience with automation and scripting for penetration testing use cases.

• Exposure to AI -assisted security testing, AI -supported exploit research, or AI -integrated offensive security workflows.

• Experience in LLM security testing, prompt injection testing, model misuse scenarios, and security assessment of AI -enabled applications.

• Relevant industry certifications such as OSCP, OSWE, OSEP, GPEN, GWAPT, GMOB, eCPPT, or equivalent.

• Familiarity with secure development practices and remediation validation.

• Experience working in global delivery models and supporting diverse stakeholder groups.

.

Key Responsibilities

• Lead and support technical scoping of penetration testing and offensive security activities based on business needs, architecture, and risk profile.

• Perform advanced manual penetration testing across:

o Web Applications

o Mobile Applications

o Web Services / APIs

o Network environments

o Thick Client applications

• Assess complex application and infrastructure architectures to identify attack paths, design weaknesses, and security gaps.

• Validate vulnerabilities through hands -on testing and clearly distinguish exploitable findings from false positives.

• Provide consultative, risk -based guidance to clients and stakeholders on identified findings, including practical remediation recommendations in both verbal and written formats.

• Develop high -quality technical reports and executive -ready summaries that clearly articulate risk, business impact, and corrective actions.

• Conduct focused security research, vulnerability analysis, and exploit validation when not deployed on active engagements.

• Contribute to the enhancement of penetration testing methodologies, standards, playbooks, and internal processes.

• Maintain and expand technical proficiency through continuous learning, certifications, research, and training.

• Communicate team services and capabilities effectively to internal stakeholders and clients across global environments.

• Apply automation and scripting, including AI -assisted and AI -integrated techniques, to improve testing effectiveness and efficiency.

• Support emerging security testing areas such as AI -enabled applications, LLM security testing, and AI -assisted vulnerability research and exploit development.

• Manage multiple assignments concurrently, applying sound judgment to prioritize work, meet deadlines, and maintain quality.

Required Qualifications

To be considered for this role, candidates should demonstrate the following:

• Proven experience in manual Web Application Penetration Testing.

• Proven experience in manual Mobile Application Penetration Testing.

• Hands -on experience in Web Services / API Penetration Testing.

• Hands -on experience in Network Penetration Testing.

• Hands -on experience in Thick Client Penetration Testing.

• Strong experience with common security testing tools such as Burp Suite, OWASP ZAP, Metasploit, Postman, Swagger, Nmap, Qualys, SQLMap, and similar tools.

• Experience using Kali Linux or other dedicated penetration testing operating system platforms.

• Advanced knowledge of network penetration testing, application penetration testing, and architectural security principles.

• Familiarity with software security weaknesses, common vulnerability classes, and attack techniques.

• Working knowledge of at least one scripting language such as Python, Bash, or PowerShell.

• Familiarity with at least one programming language and framework, enabling effective review and testing of application behavior.

• Strong written and verbal communication skills, including the ability to explain complex technical issues to varied audiences.

• Demonstrated experience working with diverse stakeholders, ideally in a global, multi -national environment.

• Ability to manage concurrent initiatives with effective prioritization, sound judgment, and strong time management.

Preferred Qualifications

The following would be advantageous:

• Knowledge of or experience with:

o OWASP Top 10

o OWASP API Security Top 10

o OWASP Thick Client Top 10

o OWASP LLM Top 10

o MITRE ATT&CK Framework

• Experience in cloud service testing.

• Exposure to reverse engineering techniques.

• Familiarity with Static Application Security Testing (SAST).

• Familiarity with Dynamic Application Security Testing (DAST).

• Relevant certifications such as OSCP, OSWE, OSEP, GPEN, GWAPT, GMOB, eCPPT, or equivalent.

• Experience with AI -assisted testing workflows, security assessment of LLM -enabled applications, or modern offensive security automation approaches.

Role Overview
, candidates should demonstrate the following:

• Proven experience in manual Web Application Penetration Testing.

• Proven experience in manual Mobile Application Penetration Testing.

• Hands -on experience in Web Services / API Penetration Testing.

• Hands -on experience in Network Penetration Testing.

• Hands -on experience in Thick Client Penetration Testing.

• Strong experience with common security testing tools such as Burp Suite, OWASP ZAP, Metasploit, Postman, Swagger, Nmap, Qualys, SQLMap, and similar tools.

• Experience using Kali Linux or other dedicated penetration testing operating system platforms.

• Advanced knowledge of network penetration testing, application penetration testing, and architectural security principles.

• Familiarity with software security weaknesses, common vulnerability classes, and attack techniques.

• Working knowledge of at least one scripting language such as Python, Bash, or PowerShell.

• Familiarity with at least one programming language and framework, enabling effective review and testing of application behavior.

• Strong written and verbal communication skills, including the ability to explain complex technical issues to varied audiences.

• Demonstrated experience working with diverse stakeholders, ideally in a global, multi -national environment.

• Ability to manage concurrent initiatives with effective prioritization, sound judgment, and strong time management.

Preferred Qualifications

The following would be advantageous:

• Knowledge of or experience with:

o OWASP Top 10

o OWASP API Security Top 10

o OWASP Thick Client Top 10

o OWASP LLM Top 10

o MITRE ATT&CK Framework

• Experience in cloud service testing.

• Exposure to reverse engineering techniques.

• Familiarity with Static Application Security Testing (SAST).

• Familiarity with Dynamic Application Security Testing (DAST).

• Relevant certifications such as OSCP, OSWE, OSEP, GPEN, GWAPT, GMOB, eCPPT, or equivalent.

• Experience with AI -assisted testing workflows, security assessment of LLM -enabled applications, or modern offensive security automation approaches.

Visit us at http://alignity.io/careers. Alignity Solutions is an Equal Opportunity Employer, M/F/V/D.

CEO Message: Click Here

Clients Testimonial: Click Here