Penetration Testing Specialist

Overview:

We are seeking a highly skilled Penetration Testing Specialist (Ethical Hacker) to conduct comprehensive security assessments and proactively identify and exploit vulnerabilities within our systems, networks, and applications. This role is crucial for strengthening our cybersecurity posture, protecting sensitive information, and ensuring compliance against sophisticated cyber threats.

• Responsibilities:
  • Perform rigorous penetration testing across various targets, including web applications (adhering to OWASP Top 10), internal and external network infrastructures, and computer systems, to uncover security flaws and weaknesses.
  • Conduct realistic social engineering tests (e.g., phishing campaigns, pretexting, baiting) to evaluate organizational security readiness and the effectiveness of human-layer defenses.
  • Assess physical security measures to identify potential vulnerabilities that could lead to unauthorized access to premises or critical infrastructure.
  • Thoroughly analyze identified vulnerabilities, meticulously assessing their risk and potential impact, and recommending precise, actionable strategies to bolster security measures.
  • Prepare comprehensive, professional, and remediation-focused reports that accurately detail findings, methodologies used, and proof-of-concept for exploited vulnerabilities, providing clear and actionable insights for stakeholders, and ensuring compliance with relevant requirements.
  • Utilize and leverage industry-standard penetration testing tools and frameworks (e.g., Metasploit, BurpSuite Professional, Kali Linux) and programming languages like Python for security testing and scripting.
  • Collaborate closely with security analysts, system administrators, and other IT teams to facilitate the implementation of recommended solutions and enhance overall security systems.
  • Maintain up-to-date knowledge of industry certifications (e.g., Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), CompTIA Security+, GRTE, CASA), emerging threats, and the latest penetration testing methodologies.
  • (Optional: Conduct retesting to verify that identified vulnerabilities have been effectively remediated ).
• Required Qualifications:
  • Proven hands-on experience of 7+ years conducting diverse penetration testing engagements (web, network, wireless, social engineering, physical, API).
  • Deep expertise in various penetration testing methodologies and ethical hacking techniques.
  • Strong proficiency in programming languages like Python for scripting, automation, and exploit development.
  • Solid understanding of operating systems such as Linux and Windows and their security configurations.
  • Possession of relevant and active industry certifications (e.g., Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), CompTIA Security+, GRTE, CASA).
• Key Skills:
  • Penetration Testing: Web Application Penetration Testing (OWASP Top 10), Network Penetration Testing, Wireless Penetration Testing, Social Engineering, Physical Security Testing, IoT Device Testing, API Penetration Testing.
  • Tools & Frameworks: Metasploit, BurpSuite Professional, OpenVAS, Nmap, Mimikatz, Impacket, Kali Linux, Pynt, Nessus Professional, Aircrack-ng, John the Ripper, Nikto.
  • Programming/Scripting: Python, JavaScript.
  • Vulnerability Analysis: Expert ability to identify, assess, prioritize, and articulate vulnerabilities.
  • Reporting: Exceptional skills in creating detailed, remediation-focused, and compliance-ready reports.
  • Security Concepts: Deep understanding of network security, application security, data security, authentication flaws, encryption, and common attack vectors.