Servhigh

Penetration Tester | 128008

Full-Time
In Office • Pune
5 - 16 years of work experience

Overview: Perform in-depth penetration testing on applications, networks, and systems to identify, analyze, and exploit security vulnerabilities.

Responsibilities:
• Perform in-depth penetration testing on applications, networks, and systems using manual testing techniques.
• Identify, analyze, and exploit security vulnerabilities across various platforms and solutions.
• Execute penetration testing projects following established methodologies, tools, and rules of engagement.
• Conduct manual security assessments to identify critical vulnerabilities that automated scanners may miss.
• Develop and execute security test cases to exploit security-protected applications.
• Generate comprehensive reports detailing vulnerabilities, exploitation processes, risks, and remediation recommendations.
• Provide clear, concise, and actionable insights on penetration test findings for technical teams and stakeholders.
• Perform vulnerability metrics reporting, both ad-hoc and scheduled, to track security posture improvements.
• Work closely with development, security, and operations teams to discuss vulnerabilities and mitigation strategies.
• Assist and guide other security analysts by providing direction on complex penetration testing scenarios.
• Offer recommendations for improving application and network security assessment processes, including automation and tool usage.
• Collaborate with business units to analyze security policies and suggest improvements for better protection.
• Stay updated on the latest vulnerabilities, exploits, and threat trends that could impact the organization.
• Assess potential security risks associated with newly discovered vulnerabilities and their relevance to the business environment.
• Share knowledge with the team and mentor junior penetration testers.
• Develop security solutions for critical and high-impact security vulnerabilities.
• Provide remediation strategies and risk response recommendations to protect infrastructure and sensitive information.
• Maintain strong relationships with security and services partners to improve security practices.

Requirements:

Must Have Skills:
• Bachelor’s Degree in Computer Science, Cybersecurity or other related field, or equivalent work experience.
• Experience in application, mobile, API, thick client and network penetration testing.
• Typically requires at least 5 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and over 3 years’ experience in conducting penetration testing.
• Familiarity with programming languages (such as SQL, C++, JavaScript, Ruby, .NET, Java, Apex, ABAP, and Python).
• Working knowledge of open-source security tools (Burp, Nmap, SSLscan, Sqlmap, Nikto, Metasploit, etc.) and COTS (Checkmarx, Qualys, Horizon3).
• Familiar with OWASP Top 10 Methodologies.
• Familiar with SANS Top 25 controls.
• Familiar with Penetration Testing Standards.
• Familiar with MITRE ATT&CK framework.

Must Have Certification:
• At least one penetration testing certification, such as OSCP or eWPT.

Good to Have Skills:
• Great attitude to help, learn and grow; excitement is always welcome.
• Experience applying structured analytical methodologies in an effort to solve complex security engagements.
• Solid understanding of vulnerabilities reported and the ability to conduct impact analysis of security threats.
• Familiarity with latest security vulnerabilities, advisories, incidents, penetration techniques, attack vectors, and countermeasures.
• Demonstrated sound understanding of at least 3 of the following standards such as ISO 27001/27002, COBIT, ITIL, NIST, HIPAA, SOX and PCI.
• Ability to contribute as SME to application teams.
• Strong consultative skills; ability to interface effectively with technical and non-technical leaders.
• Understands Information Security as it relates to the business and other areas of IT; understands direct impacts and risks.

Good to Have Certifications:
• CISSP, CEH.
