Penetration Tester

Life on the team

A highly skilled and motivated Penetration Tester to join our dynamic cybersecurity team. In this role, you will be responsible for identifying vulnerabilities in our systems, applications, and networks through various penetration testing methodologies. You will play a critical role in strengthening our security posture and protecting our valuable assets from cyber threats.

What you'll do

Core Responsibilities:

• Conduct comprehensive penetration tests: Execute internal and external network penetration tests, web application penetration tests, mobile application penetration tests, API penetration tests, cloud security assessments, and social engineering simulations.
• Vulnerability identification and analysis: Research, identify, and exploit security vulnerabilities in a variety of systems and applications.
• Red/Purple/Blue Teaming: participate in exercises with the goal of increasing cyber resilience for both offensive and defensive.
• Reporting and documentation: Prepare detailed and professional penetration test reports, including executive summaries, technical findings, risk ratings, and actionable recommendations for remediation.
• Collaboration and communication: Work closely with development, operations, and security teams to communicate findings, explain risks, and provide guidance on remediation strategies.
• Tooling and methodology enhancement: Continuously research and evaluate new penetration testing tools, techniques, and methodologies to improve testing efficiency and effectiveness.
• Security awareness: Contribute to the development and delivery of security awareness training for internal staff.
• Stay current: Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices.
• Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws.
• Ad-hoc security testing: Perform ad-hoc security assessments and provide expert advice on security-related matters as needed.

Critical Success Factors:

• Strong ethical hacking mindset: A genuine passion for breaking things and understanding how they work, coupled with an unwavering commitment to ethical conduct.
• Analytical and problem-solving skills: Ability to dissect complex systems, identify subtle vulnerabilities, and devise creative attack scenarios.
• Attention to detail: Meticulous in documenting findings and ensuring accuracy in reporting.
• Excellent communication skills: Ability to clearly and concisely communicate highly technical information to both technical and non-technical audiences, both verbally and in writing.
• Proactive and self-motivated: Ability to work independently and manage multiple projects simultaneously, demonstrating initiative and ownership.
• Adaptability and continuous learning: Eagerness to learn new technologies, tools, and methodologies in a rapidly evolving threat landscape.
• Results-oriented: Focus on delivering high-quality, impactful security assessments that drive tangible

What you'll need

• Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• 10+ Years of experience
• OSCP, PNPT or equivalent certification
• At least three years' experience working full-time as a penetration tester on the following areas as a minimum:
• Infrastructure
• Active Directory networks
• Web Application penetration testing
• Cloud security (Entra ID/Azure)
• [optional] IoT
• [optional] mobile
• [optional] physical security / social engineering
• Ability to develop custom tools, or adapt existing tooling for the task at hand
• [optional] public blogs, research or talks
• [optional] demonstrable experience contributing to open-source tools

Skills and Competencies

• Strong Knowledge in SIEM operations, Threat operations, security monitoring, SOC operations, ASM, incident response, and log management.
• Strong knowledge of tools and technologies such as MS Sentinel, ELM, SOAR, EDR solutions, and other SOC tooling.
• Familiarity with frameworks such as MITRE ATT&CK, NIST CSF, and ISO 27001.
• Exceptional leadership, communication, and stakeholder management skills.
• Participation and leading projects
• Full understanding of NIST 2 Domains and sub domains for SOC Operations\
• CRTO, OSCE, OSEP, PEN-300, GXPN or
  equivalent certification (note: reasonable exceptions will be considered, e.g. years of experience, contribution to the field, etc.)
• At least five years' experience
• Coding experience
• Experience in training others, or managing teams