Key Responsibilities:

• Conduct penetration testing on web applications, mobile applications, and network infrastructure.
• Identify, analyze, and exploit security vulnerabilities to assess potential risks.
• Perform red teaming activities and adversary simulation.
• Research new attack techniques, zero-day vulnerabilities, and emerging threats.
• Develop and enhance internal penetration testing tools and methodologies.
• Provide detailed reports on security assessments with risk analysis and remediation recommendations.
• Work closely with development, DevOps, and IT teams to improve security best practices.
• Stay up-to-date with the latest security trends, tools, and exploits.

Requirements:

• Proven experience in penetration testing of applications and infrastructure.
• Proficiency in tools such as Burp Suite, Metasploit, Kali Linux, Nmap, Nessus, or similar.
• Strong understanding of OWASP Top 10, MITRE ATT&CK framework, CVE vulnerabilities, and secure coding practices.
• Hands-on experience with network security, system hardening, and cloud security assessments.
• Ability to write and modify exploits, scripts, and automation tools using Python, Bash, or PowerShell.
• Knowledge of reverse engineering, malware analysis, or vulnerability research – an advantage.
• Certifications such as OSCP, OSWE, OSCE, CEH, or CISSP – a plus.
• Strong analytical, problem-solving, and communication skills.