Penetration Tester

Role Overview:

We are seeking a driven and technically proficient Penetration Tester. The ideal candidate will have solid experience in performing end-to-end Vulnerability Assessments and Penetration Testing (VAPT) across various environments, possess strong reporting and scripting skills, and demonstrate the ability to engage with clients during both pre-sales and project delivery phases. This is an excellent opportunity for someone looking to grow their career within a CREST-accredited organization that delivers high-impact services to critical industries.

Responsibilities:

Penetration Testing & Security Assessments

• Plan, execute, and document penetration tests on web applications, mobile apps, APIs, infrastructure, cloud environments, and internal/external networks. (Black, Grey, White pentest)
• Perform source code reviews to uncover insecure code practices and logical vulnerabilities.
• Develop custom POC scripts and exploits in Python, PHP, JavaScript, and HTML.
• Utilize industry-standard tools including Burp Suite, Nessus, Checkmarx, HCL AppScan, WebInspect, and manual testing techniques.
• Conduct compliance-aligned security assessments based on OWASP, NIST, CREST, and MITRE ATT&CK frameworks.

Reporting & Documentation

• Prepare detailed technical and executive reports, risk analysis, and remediation recommendations.
• Draft and maintain standardized test plans, methodologies, and reporting templates.
• Perform peer reviews of reports and assessments for accuracy, clarity, and technical depth.

Client Engagement & Pre-Sales

• Support pre-sales activities including technical scoping, requirement gathering, and proposal development.
• Participate in client-facing meetings to explain findings, provide mitigation advice, and manage expectations when needed.

Requirements:

• Minimum 4 years of penetration testing experience
• CREST CRT and CPSA certified (preferred)
• Other Security certifications: OSCP, OSWP, HTB, CBBH, CISSP (Bonus)
• Red Team experience (Bonus)
• Strong knowledge of OWASP Top 10, MITRE ATT&CK, CVSS, and secure coding practices
• Strong scripting and automation skills using Python, PowerShell, or Bash
• Experience with both automated tools and manual testing techniques
• Strong written and verbal communication skills, especially for reporting and client presentations
• Ability to manage multiple projects and deadlines in a fast-paced consulting environment

Recommended Qualifications:

• Experience with cloud security testing (AWS, Azure, GCP)
• Knowledge of DevSecOps or CI/CD integration with security tools
• Familiarity with red teaming, adversary emulation, or purple teaming
• Involvement in bug bounty programs or CTFs