Lead Penetration Tester

Job Title: Lead Penetration Tester

Location: India (Remote - Travel to Office Once a Month)

Job Type: Full-Time

Industry: Cybersecurity / Information Technology

Work Hours: Standard IST hours

Travel: Once a month to client/office location (as required)

About the Role:

We are seeking an experienced and highly skilled Lead Penetration Tester to lead security assessments, uncover vulnerabilities, and help build secure digital environments. This is a remote-first role with minimal travel (once per month) to our office/client location. You'll be working closely with security architects, DevOps, and IT teams to identify weaknesses, simulate real-world attacks, and guide remediation efforts.

Key Responsibilities:

• Lead and execute penetration testing engagements across web, mobile, APIs, cloud, and network environments.
• Develop and manage comprehensive penetration test plans and reporting workflows.
• Simulate real-world attacks using manual and automated techniques to uncover security flaws.
• Deliver detailed and prioritized vulnerability reports with actionable remediation guidance.
• Collaborate with product, infrastructure, and security teams to fix discovered vulnerabilities.
• Conduct threat modeling and risk assessments on new systems and architectures.
• Mentor and guide junior penetration testers and security analysts.
• Stay updated on the latest threat vectors, exploits, and cybersecurity trends.

Required Skills & Experience:

• 6+ years of experience in penetration testing and ethical hacking.
• Strong knowledge of OWASP Top 10, MITRE ATT&CK, NIST standards, and CVSS scoring.
• Proficiency in tools like Burp Suite, Metasploit, Nmap, Nessus, Wireshark, and Kali Linux.
• Solid understanding of application security, network protocols, authentication mechanisms, and secure coding principles.
• Experience in testing APIs (REST, SOAP), mobile apps (Android/iOS), and cloud platforms (AWS, Azure, GCP).
• Familiarity with scripting languages (Python, Bash, PowerShell).
• Strong report writing and documentation skills.
• Good communication and stakeholder management capabilities.

Preferred Qualifications:

• Certifications such as OSCP, OSWE, GPEN, CEH (Practical), or equivalent.
• Exposure to CI/CD pipelines and DevSecOps integration.
• Experience working with bug bounty platforms and responsible disclosure processes.