The Senior Penetration Tester will play a crucial role in assessing and securing applications, mobile platforms, infrastructure, and cloud environments across the organization. This individual will bring expertise in application security, mobile security, DevSecOps, container security, cloud and on-premises infrastructure security, and red teaming. As a senior member of the security team, the role demands strong technical skills, hands-on experience, and the ability to lead and execute complex penetration tests and security assessments.
Conduct Penetration Testing and Vulnerability Assessments:
- Perform in-depth penetration tests on web applications, mobile applications (iOS and Android), network infrastructure (web server, DB, Firewall, wireless access points), and cloud environments.
- Conduct penetration testing and security assessments on Active Directory environments to identify and mitigate weaknesses in AD configuration, permissions, and access control. Test for potential privilege escalation, lateral movement, and data exfiltration risks within AD.
- Simulate real-world privilege escalation scenarios during penetration testing and red teaming exercises to determine how vulnerabilities could be exploited by attackers. This includes demonstrating lateral movement, persistence, and access escalation through various attack vectors.
- Develop and implement client-side attack payloads that mimic realistic threat actor tactics, techniques, and procedures (TTPs) to assess the effectiveness of security defences. Focus on gaining initial access through social engineering and phishing methods to evaluate how the organization’s detection systems respond.
- Conduct regular red team exercises to evaluate and enhance the organization’s incident response and threat detection capabilities.
- Analyze security findings, determine the potential impact, and provide recommendations to mitigate risk.
- Collaborate with stakeholders to ensure clear understanding and documentation of red team findings and remediation measures.
Conduct Application Penetration Testing:
- Conduct in-depth penetration tests on web and mobile applications, identifying potential security risks and recommending mitigation strategies.
- Perform vulnerability assessments, exploit identified weaknesses and simulate potential attack vectors.
- Collaborate with development teams to remediate security vulnerabilities in web applications, APIs, and mobile platforms (iOS and Android).
- Ensure security compliance of container and cloud environments according to industry standards and organizational benchmarks.
- Build, integrate, and maintain security checks within the CI/CD pipelines to ensure security throughout the development lifecycle.
- Design and execute test cases aimed at identifying weaknesses and bypasses in Web Application Firewall (WAF) configurations. The goal is to develop specific attack scenarios that can evade WAF protections, helping to strengthen the effectiveness of the WAF by identifying and patching bypass techniques. This involves understanding WAF signature detection, inspecting traffic rules, and crafting unique payloads.
Minimum Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, or a related field.
- Minimum 5 - 7 years of experience in application security or a related field.
- Mandatory Certifications: OSEP or OSWE.