Job Title: Senior Penetration Tester
Location: Any - Remote
Role Summary
We are looking for an experienced penetration tester to identify and responsibly exploit security weaknesses across our applications, networks, and infrastructure. You will simulate real-world attacks in a controlled, authorized manner, document findings clearly, and work with engineering teams to get issues fixed. This is a hands-on role for someone who thinks like an attacker but communicates like a consultant.
Key Responsibilities
- Plan and conduct authorized penetration tests on web applications, APIs, mobile apps, networks, and cloud environments.
- Perform vulnerability assessments, manual testing, and scoped exploitation to validate real risk versus false positives.
- Write clear, prioritized reports detailing findings, business impact, reproduction steps, and remediation guidance.
- Re-test fixes and verify that vulnerabilities have been properly closed.
- Collaborate with developers and IT teams to explain risks and support remediation.
- Stay current with emerging threats, tools, and techniques, and contribute to improving internal testing methodology.
Required Skills and Experience
- Demonstrable experience across the full pen-testing lifecycle (scoping, testing, reporting, retesting).
- Strong knowledge of common vulnerability classes (e.g., OWASP Top 10) and network and web security fundamentals.
- Hands-on familiarity with standard tooling such as Burp Suite, Nmap, Metasploit, and similar tools.
- Comfortable with scripting (Python, Bash, or PowerShell) to support testing workflows.
- Solid grasp of operating systems, networking, and at least one major cloud platform.
- Excellent written and verbal communication, with the ability to explain technical risk to non-technical stakeholders.
Nice to Have
- Industry certifications such as OSCP, GPEN, CEH, or equivalent.
- Experience with red teaming, social engineering, or cloud-specific security testing.
- Prior consulting or client-facing experience.
Work Location: In person