Conduct hands-on penetration testing across internal and external environments, cloud platforms, and web/mobile applications. Deliver high-quality reports and present findings to technical and non-technical stakeholders. Participate in 3-week testing/reporting cycles.
Job Description
Senior Penetration Tester (Remote)
1. Roles & Responsibilities
• Conduct hands-on penetration testing across internal networks (Active Directory), external environments, and web/mobile applications.
• Perform cloud penetration tests targeting AWS, Azure, or GCP environments, identifying misconfigurations and exploiting real-world attack paths.
• Operate independently through full engagement cycles: scoping → testing → exploitation → reporting → client communication.
• Deliver high-quality reports using PlexTrac and internal templates, including actionable remediation guidance.
• Present findings to both technical and non-technical stakeholders; maintain strong, professional communication with enterprise clients.
• For senior roles: execute or support wireless assessments, social engineering engagements, and emerging areas such as AI/ML security testing.
• Participate in 3-week testing/reporting cycles and support QA activities across multiple client engagements.
2. Skills (Must-Have & Nice-to-Have)
Must-Have Skills
• Recent (last 12 months) hands-on penetration testing - internal, external, and web application.
• Recent cloud pentesting in AWS, Azure, or GCP (IAM abuse, metadata attacks, misconfigurations, privilege escalation).
• Proficiency with offensive security tools:
o Nmap, BloodHound, Mimikatz, Responder, Impacket
o AWS/Azure/GCP CLI tools, Pacu, cloudhound utilities
o Burp Suite and common web testing tools
• Strong understanding of AD attack paths, lateral movement, escalation techniques, and real exploit execution.
• Ability to produce clear, structured, client-ready penetration testing reports.
• Excellent verbal and written communication with enterprise customers.
Nice-to-Have Skills (Senior-Level)
• Wireless penetration testing (WPA2/WPA3 Enterprise, RADIUS, EAP-TLS, EvilTwin).
• Social engineering experience (phishing, vishing, SMS, onsite).
• AI/ML system or model testing experience.
• Broader red-team or niche offensive security capabilities.
3. Details
• Location: Fully Remote (work from anywhere)
• Start Date: ASAP (ideally by the 1st Jan)
• Work Environment:
o Enterprise clients (internal apps, mobile apps, cloud workloads)
o Heavy emphasis on hands-on testing, reporting, and customer communication