Description
The Senior Penetration Tester will play a crucial role in assessing and
securing applications, mobile platforms, infrastructure, and cloud
environments across the organization. This individual will bring expertise
in application security, mobile security, DevSecOps, container security,
cloud and on-premises infrastructure security, and red teaming. As a senior
member of the security team, the role demands strong technical skills,
hands-on experience, and the ability to lead and execute complex
penetration tests and security assessments.
Conduct Penetration Testing and Vulnerability Assessments:
- Perform in-depth penetration tests on web applications, mobile applications (iOS and Android), network infrastructure (web servers, databases, firewalls, wireless access points), and cloud environments.
- Conduct penetration testing and security assessments on Active Directory environments to identify and mitigate weaknesses in AD configuration, permissions, and access control. Test for potential privilege escalation, lateral movement, and data exfiltration risks within AD.
- Simulate real-world privilege escalation scenarios during penetration testing and red teaming exercises to determine how vulnerabilities could be exploited by attackers. This includes demonstrating lateral movement, persistence, and access escalation through various attack vectors.
- Develop and implement client-side attack payloads that mimic realistic threat actor tactics, techniques, and procedures (TTPs) to assess the effectiveness of security defences. Focus on gaining initial access through social engineering and phishing methods to evaluate how the organization’s detection systems respond.
- Conduct regular red team exercises to evaluate and enhance the organization’s incident response and threat detection capabilities.
- Analyze security findings, determine the potential impact, and provide recommendations to mitigate risk.
- Collaborate with stakeholders to ensure clear understanding and documentation of red team findings and remediation measures.
Conduct Application Penetration Testing:
- Conduct in-depth penetration tests on web and mobile applications, identifying potential security risks and recommending mitigation strategies.
- Perform vulnerability assessments, exploit identified weaknesses, and simulate potential attack vectors.
- Collaborate with development teams to remediate security vulnerabilities in web applications, APIs, and mobile platforms (iOS and Android).
- Ensure security compliance of container and cloud environments according to industry standards and organizational benchmarks.
- Build, integrate, and maintain security checks within the CI/CD pipelines to ensure security throughout the development lifecycle.
- Design and execute test cases aimed at identifying weaknesses and bypasses in Web Application Firewall (WAF) configurations. The goal is to develop specific attack scenarios that can evade WAF protections, helping to strengthen the effectiveness of the WAF by identifying and patching bypass techniques. This involves understanding WAF signature detection, inspecting traffic rules, and crafting unique payloads.
Requirements
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
- Minimum 5 – 7 years of experience in application security or a related field.
- Mandatory Certifications: OSEP or OSWE.