Lead penetration testing and red team engagements to identify security vulnerabilities across diverse environments.
Responsibilities
Lead client engagements from initial scoping through final reporting and remediation guidance.
Execute penetration testing across network, web application, mobile, API, cloud, thick client, wireless, and social engineering domains.
Perform red team assessments to identify security posture gaps and execute Active Directory attacks.
Analyze testing results to create detailed reports covering exploitation procedures, risks, and mitigation recommendations.
Mentor junior testers and conduct technical quality reviews of findings.
Required Skills
Minimum 3 years of penetration testing experience covering at least three areas: Network, Web, Mobile, Thick Client, APIs, Wireless, Social Engineering, Physical, or Red Teaming.
Hold at least one certification: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX.
Deep understanding of OWASP Top 10 and SANS Top 25 vulnerabilities.
Proficiency with Burp Suite, Nessus, Nmap, and Kali Linux.
Experience with Active Directory attacks and enterprise security controls in Windows environments.
Working knowledge of scripting languages such as Python, Perl, PHP, or Ruby for automation.
Strong understanding of TCP/IP, OSI layers, IPv4/IPv6, and network protocols.
Experience supporting SDLC and agile environments through application security testing and source code reviews.
Proficiency with Windows, Linux, and UNIX operating systems.
Preferred Skills
Experience with OT/IoT, Cloud technologies (AWS, Azure, GCP), and 802.1X penetration testing.
Knowledge of AI applications in penetration testing.