Senior Penetration Tester

GENERAL RESPONSIBILITIES:

The Senior Penetration Tester is responsible for conducting thorough security assessments, managing IT infrastructure for ongoing vulnerability scans, and leading large-scale projects. The role involves identifying and addressing critical flaws in systems and applications, presenting comprehensive reports, and assisting clients in achieving their security goals.

DUTIES AND RESPONSIBILITIES:

• Serve as a penetration tester and security analyst for clients and the company.
• Analyze vulnerabilities of the target systems and provide guidance.
• Performs continuous scanning for company's systems, infrastructure, and network to identify vulnerabilities.
• Manages and schedules all company's IT systems and infrastructure for Vulnerability Scanning
• Acts as a subject matter expert in vulnerability management and penetration testing (VAPT)
• Leads large-scale information security projects, including the implementation and delivery of new infrastructure security scanning capabilities
• Partners with teams to align technology implementation processes and reduce vulnerabilities
• Supports the continuous improvement of the vulnerability management program initiatives, process, and technology integration
• Prepares and presents daily, weekly, monthly, quarterly, and annual reports, as required by the Immediate Superior
• Conducts comprehensive penetration testing activities to identify potential vulnerabilities and exploit them within ethical boundaries
• Analyzes and reports findings from penetration testing assessments, including recommended remediation actions
• Collaborates with IT teams to implement necessary security measures and safeguards based on identified vulnerabilities
• Stays up to date with emerging threats and techniques related to penetration testing.
• Help clients achieve their information security goals by providing recommendations, assistance, and participation in (but not limited to) vulnerability assessments, penetration tests, security improvement initiatives, security management programs/processes, policies, technical implementations, compliance with standards or specific frameworks, research, technology reviews, etc.
• Handle Vulnerability Assessment and Penetration Testing (VAPT) Projects as Senior Engineer. Conducted vulnerability analysis and penetration testing, presented risk ranking and mitigation recommendations, crafted executive reports, and presented results to stakeholders.
• Internal security analysis tasks and knowledge transfers: on-demand with team and other departments. Perform formal penetration tests on web-based applications, networks, and computer systems.
• Conduct physical security assessments of servers, systems, and network devices.
• Work on improvements for security services, including continuously enhancing existing methodology material and supporting assets.
• Research, document, and discuss security findings with management and IT teams.
• Employ social engineering to uncover security holes (e.g., poor user security practices or password policies).
• Probe for vulnerabilities in web applications, fat/thin client applications, and standard applications.
• Pinpoint methods that attackers could use to exploit weaknesses and logic flaws.
• Write and present a comprehensive Vulnerability Assessment.
• Manually validate report findings to reduce false positives.
• Identify critical flaws in applications and systems that cyber attackers could exploit.

Preferred:

• Education –    Bachelor's degree/Diploma in Computer Science, Cybersecurity, Information Technology, or any related field.

• Relevant cybersecurity certifications, such as Certified Ethical Hacker (CEH), Certified Threat Intelligence Analyst (CTIA), Computer Hacking Forensics Investigator (CHFI), (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Manager (CISA) and other technical relevant red/blue certifications.

• Related Work Experience -  Proven hands-on experience in penetration testing, vulnerability assessment, and information security.

• Experience in managing and leading teams, preferably in the context of VAPT projects.