Penetration tester

Castellum Labs is a next-generation cybersecurity technology venture based in Hyderabad, India, with global set of customer base and global ambitions. Our vision is to change the cybersecurity value model in the industry by using custom designed in-house technologies for service delivery. Our primary focus areas in cybersecurity are Dev Sec Ops, Application Security (Life Cycle Security), Incident Response Services (Process, Tech & Enabling), Cyber Security Assessments, Phishing Simulation and Employee Awareness and Darkweb Monitoring & OSINT (External Threat Detection + Risk Rating). We use automation, cloud platforms, unique products, and a multi-layered security expert team to deliver services globally. Our services are delivered using a global delivery center and model, in a unique combination Role Description This is a full-time role for a Network and Infrastructure Penetration Tester (including cloud) at Castellum Labs. As a Network Penetration Tester, you will be responsible for performing security assessments, identifying vulnerabilities, conducting penetration testing, and providing recommendations for improving the security posture. This is an on-site role located in Hyderabad. Network penetration tester will conduct target assets based penetration testing of network devices, servers, DBs, endpoint devices, storage, cloud and other infrastructural assets. This role will work with other team members of VAPT, to cover all aspect of infra pen testing. This role will also cover, specialized infra such as AD, cloud (AWS, GCP and Azure) in its pen testing scope. Qualifications Good experience in network pen testing Good knowledge of security context and security configs of infra Good understanding of servers, databases, VMs, FW, Router, WAN & cloud Solid experience with pen testing tools, nmap, metasploit, recon tools and utilities Good experience in scripting using shell and python for the attack vector related work Understanding of the exploits which can be employed in various pen vectors Good knowhow of the reverse shell access under variety of compromise Good knowledge on network security concepts and network equipment Basic understanding of the MITRE ATT&CK framework Good understanding of red teaming models Ability to perform comprehensive pen testing Problem-solving and analytical skills Effective written and verbal communication skills Ability to work collaboratively in a team environment Relevant certifications such as CEH, OSCP, or CISSP are beneficial Experience of participating in CTF of different types will be given preference Experience and Joining1 to 5 years of experience Experience in cyber security services preferred Location is Hyderabad and joining is immediate First month will be remote, post that office is mandatory We can consider someone coming from the network security background We can also consider people coming from network management background Note -Not a 9 to 5 job Self driven approach is needed Startup environment, so high pressure situations are normal