Job Description

• Plan, scope, and lead security assessment activities targeting network infrastructure, web applications, mobile platforms, and cloud environments.
• Conduct offensive security exercises, including Red Team exercises, to simulate real-world threats and test defensive capabilities.
• Oversee the thorough documentation of findings, providing clear, actionable, and prioritized recommendations to mitigate identified risks.
• Work directly with clients to understand their security objectives, define testing parameters, and clearly communicate the technical findings and associated business risk.
• Serve as a technical QA reviewer for reports and deliverables produced by junior consultants, ensuring accuracy, clarity, and adherence to industry best practices.
• Provide strategic counsel to clients on enhancing their overall security posture, incident response capabilities, and adherence to relevant compliance standards.
• Mentor and train junior consultants, fostering the development of technical skills in penetration testing methodologies, application security, and report writing.

Job Requirements

• 4 years of experience in penetration testing, including web and mobile application security.
• Candidates with 2 years of experience are also welcome (will be considered as junior).
• Strong knowledge of exploitation techniques, attack frameworks (e.g. MITRE ATT&CK), and vulnerability assessment tools.
• Good understanding of cybersecurity fundamentals, defensive architectures, and relevant regulatory frameworks.
• Certifications such as OSCP, CREST CRT, or equivalent are an advantage.
• Strong analytical skills with attention to detail in vulnerability analysis and reporting.
• Effective communicator, able to present technical findings clearly to both technical and non-technical stakeholders.
• Team-oriented professional with the ability to contribute to projects and collaborate with internal and client teams.

Skills