Senior Penetration Tester / Offensive Security Consultant

Overview

We’re not looking for a checkbox pentester. We’re hiring an operator who can break real environments, articulate risk in business terms, and help scale offensive security as a service line.
This role sits at the intersection of technical execution, client advisory, and capability development, ideal for someone who can both run engagements and elevate the function.

Core Responsibilities

1. Offensive Security Execution
- Lead and execute end-to-end penetration testing engagements across:
  - Web applications, APIs, and cloud environments
  - Internal and external network infrastructure
  - Active Directory / Entra ID attack paths
- Conduct red team, purple team, and social engineering operations
- Identify, chain, and exploit vulnerabilities to demonstrate real-world impact
- Perform physical security and wireless testing where applicable

2. Adversary Simulation & Advanced Testing
- Emulate advanced threat actors using MITRE ATT&CK-aligned methodologies
- Execute C2 operations, evasion techniques (AMSI/ETW), and post-exploitation workflows
- Conduct multi-cloud (AWS, Azure, Google Cloud Platform) and container/serverless security assessments
- Perform AI/LLM security testing (prompt injection, RAG abuse, model exploitation)

3. Reporting & Client Advisory
- Translate technical findings into clear, prioritized business risk
- Produce high-quality reports with:
  - Exploitation methodology
  - Impact narratives
  - Actionable remediation strategies
- Serve as a trusted advisor, presenting findings to both technical and executive stakeholders

4. Tooling & Automation
- Develop and enhance automated testing tools and frameworks to improve delivery scale and consistency
- Build or leverage AI-augmented offensive tooling to accelerate engagements
- Optimize workflows using scripting (Python, PowerShell, Bash)

5. Practice Development (Senior-Level Expectation)
- Contribute to or lead offensive security service development and standardization
- Align methodologies with SANS, PTES, OWASP, NIST, ISSAF frameworks
- Support pre-sales, scoping, and solution design
- Mentor junior testers and elevate team capability

Required Qualifications

Technical Experience
- 3–8+ years in penetration testing, red teaming, or offensive security
- Proven experience across:
  - Network, web app, and cloud pentesting
  - Active Directory exploitation and privilege escalation
  - Security tooling (Metasploit, Cobalt Strike, Burp Suite, Nmap, BloodHound, etc.)

Core Skillsets
- Strong understanding of:
  - Authentication, IAM, and federation protocols
  - Defensive controls (EDR, SIEM, firewalls) and how to bypass them
- Hands-on scripting/programming:
  - Python, PowerShell, Bash (additional languages a plus)

Certifications (Preferred but not mandatory)
- OSCP, GPEN, CEH, GCIH, CySA+ or equivalent

Nice-to-Have Differentiators (What Separates Top 10%)
- Experience with physical security exploitation (RFID, locks, access control)
- Background in AI security / offensive AI tooling
- Experience building or scaling penetration testing practices or offerings
- Competitive hacking (CTFs, NCL, CyberPatriot, etc.)
- Exposure to OT/ICS/IoT security environments
First seen 2026-04-20 08:50:41 · Last verified 2026-04-20 08:50:41