Cybersecurity Analyst / Penetration Tester

Conduct open-source intelligence (OSINT) gathering to identify publicly exposed assets and potential attack surfaces within approved engagement scope.

Perform assigned penetration testing tasks for networks, web applications, systems, and APIs under defined scope.

Execute automated vulnerability scans using approved tools.

Conduct basic manual testing based on documented methodologies (OWASP, MITRE Attack).

Reproduce and validate identified vulnerabilities to confirm exploitability.

Participate in retesting activities after remediation.

Maintain accurate testing notes and evidence during engagements.

Assist in preparing penetration testing reports, including vulnerability descriptions, proof of concept, and ensuring reports are clear, accurate, and aligned with company standards.

Strictly adhere to rules of engagement, scope limitations, and legal requirements.

Follow internal security policies and ethical guidelines.

Escalate critical or unexpected findings to senior team members immediately.

Work closely with senior analyst or partners during assessments.

Support internal teams (SOC, IT, Dev) during vulnerability clarification.

Participate in internal knowledge-sharing sessions and reviews.

Improve technical skills through labs, internal training, and mentorship, staying updated on common vulnerabilities and emerging attack techniques, and preparing for role progression through skill validation and certifications.

• Assist in network, web application, cloud, and security testing activities.


• Perform automated vulnerability scanning using approved tools.


• Conduct OSINT gathering to identify and assess the external attack surface within approved scope.


• Conduct basic manual security testing following standard methodologies (e.g., OWASP, MITRE Attack).


• Validate and reproduce discovered vulnerabilities.


• Collect evidence (screenshots, logs, request/response data).


• Assist in writing penetration testing reports.


• Support retesting activities after remediation.


• Maintain accurate documentation of testing steps.


• Follow all legal, ethical, and scope restrictions.


• Continuously learn new attack techniques and security tools.

• Minimum Diploma in Computer Science, Information Security, or a related field. Relevant certifications are a plus (e.g., Pentest+, CEH, PNPT).


• At least 1 year’s experience in penetration testing or a similar role in cybersecurity.


• Strong understanding of network (TCP/IP, DNS, firewalls), web application architecture and operating systems (Linux, Windows).


• Proficiency with penetration testing & vulnerability assessment tools (e.g., Metasploit, Burp Suite, Nmap, OWASP ZAP).


• Experience with scripting languages (Python, Bash, etc.) and security frameworks.


• Excellent problem-solving skills with attention to detail.