Job Summary
We are seeking a skilled and driven penetration tester with a hacker mindset to proactively simulate real-world attacks in order to identify, assess, and exploit security vulnerabilities.
You’ll be part of a fast-paced security team, expected to think like an adversary while maintaining ethical standards and compliance.
You must be capable of both automated and manual testing, custom script writing, and producing detailed yet understandable reports.
Key Responsibilities
1. Conduct black-box, gray-box, and white-box penetration tests on the organization’s web apps, mobile apps, and APIs
2. Perform social engineering and phishing simulation campaigns
3. Develop and execute custom exploits where necessary
4. Document proof-of-concept exploits and provide risk-ranked findings
5. Conduct red team exercises simulating advanced persistent threats (APT)
6. Analyze security findings from HackerOne and recreate vulnerabilities
7. Collaborate with developers, the AppSec team, DevOps, and product teams to provide remediation guidance
8. Stay current on CVEs, exploits, hacker tools, and threat actor techniques (TTPs)
9. Weekly updates and debriefs with stakeholders
10. Manual application and API penetration testing based on the OWASP Top 10 (Mobile, Web, API)
Minimum Requirements
1. Proven experience in offensive security or ethical hacking
2. Demonstrated history with Bug Bounty programs or CTF competitions
3. Deep understanding of web technologies, cloud platforms, and modern infrastructure
4. Ability to write and explain exploits or security PoCs clearly
5. Strong report writing and communication skills
Tools and Platforms (you are expected to know how to use at least one of each of the listed tools):
1. Burp Suite, OWASP ZAP, Nmap
2. Mobile security tools: MobSF, Frida, jadx, Objection, Genymotion, Android Studio
3. Kali Linux, Parrot OS, custom scripts in Python, Bash, PowerShell.
4. Postman for API testing
Security Standards & Compliance
1. OWASP Top 10 (Web, API, Mobile)
2. CIS Benchmarks
3. NIST 800-53, ISO/IEC 27001
Preferred Qualifications:
1. CEH, OSCP, OSCE, GPEN, or similar certifications
2. Experience working in CI/CD environments and with DevSecOps teams
3. Programming or scripting experience (Python, JavaScript, Node.js, PHP, Go, Bash)
Penetration Tester Ethical Hacker • Lagos, Lagos, NG