Senior Penetration Tester
Job Description
Location: Any - Remote
Role Summary
We are looking for an experienced penetration tester to identify and responsibly exploit security weaknesses across our applications, networks, and infrastructure. You will simulate real-world attacks in a controlled, authorized manner, document findings clearly, and work with engineering teams to get issues fixed. This is a hands-on role for someone who thinks like an attacker but communicates like a consultant.
Key Responsibilities
Plan and conduct authorized penetration tests on web applications, APIs, mobile apps, networks, and cloud environments.
Perform vulnerability assessments, manual testing, and scoped exploitation to validate real risk versus false positives.
Write clear, prioritized reports detailing findings, business impact, reproduction steps, and remediation guidance.
Re-test fixes and verify that vulnerabilities have been properly closed.
Collaborate with developers and IT teams to explain risks and support remediation.
Stay current with emerging threats, tools, and techniques, and contribute to improving internal testing methodology.
Required Skills and Experience
Demonstrable experience across the full pen-testing lifecycle (scoping, testing, reporting, retesting).
Strong knowledge of common vulnerability classes (e.g., OWASP Top 10) and network and web security fundamentals.
Hands-on familiarity with standard tooling such as Burp Suite, Nmap, Metasploit, and similar.
Comfortable with scripting (Python, Bash, or PowerShell) to support testing workflows.
Solid grasp of operating systems, networking, and at least one major cloud platform.
Excellent written and verbal communication, with the ability to explain technical risk to non-technical stakeholders.
Nice to Have
Industry certifications such as OSCP, GPEN, CEH, or equivalent.
Experience with red teaming, social engineering, or cloud-specific security testing.
Prior consulting or client-facing experience.
Work Location: In person
