Senior Infrastructure Penetration Tester

E.V.A Information Security is seeking a highly skilled and motivated Senior Infrastructure Penetration Tester to join our Offensive Security team.

Our mission is to help our clients grow by leveraging modern technology and creating a safe future. We specialize in performing comprehensive infrastructure penetration tests and adversary simulations to ensure our clients’ environments are resilient against real-world threats.

As a Senior Infrastructure Penetration Tester at E.V.A Information Security, you will:

• Perform advanced penetration tests on internal and external infrastructures, including servers, workstations, and network devices.
• Simulate advanced persistent threat (APT) scenarios, mimicking real-world adversary tactics, techniques, and procedures (TTPs).
• Conduct comprehensive Active Directory security assessments, including privilege escalation, domain compromise, and lateral movement.
• Assess non-AD environments (Linux, macOS, custom systems) for misconfigurations and exploitation opportunities.
• Execute wireless network penetration tests (Wi-Fi security assessments), identifying weaknesses in authentication, encryption, and segmentation.
• Evaluate VPNs, firewalls, IDS/IPS, and other perimeter and internal network controls.
• Develop and execute custom exploits, payloads, or attack chains where necessary to demonstrate real-world risks.
• Bypass and evade modern security controls such as EDR, AV, and SIEM systems during engagements.
• Document findings with high technical accuracy and deliver actionable remediation strategies to both technical and non-technical audiences.
• Continuously research emerging attack techniques, tools, and exploits to stay ahead of evolving threats.

Qualifications

• Proven experience in infrastructure penetration testing and adversary simulations.
• Strong expertise in network protocols, Active Directory, and Windows/Linux environments.
• Hands-on experience with Wi-Fi security testing (WPA2/WPA3, enterprise networks, rogue AP attacks).
• Deep understanding of common offensive tools and frameworks (Cobalt Strike, Metasploit, BloodHound, CrackMapExec, responder, Impacket, etc.).
• Skilled in post-exploitation techniques, lateral movement, and persistence strategies.
• Proficiency in scripting/automation with Python, PowerShell, or Bash.
• Ability to identify, analyze, and exploit vulnerabilities in complex environments.
• Strong written and verbal communication skills with the ability to present findings clearly to clients.

What Will Give You An Advantage?

• Advanced offensive security certifications (OSCP, OSEP, OSCE3, CRTP, CRTE, eCPTX, etc.).
• Proven experience in red teaming or adversary emulation exercises.
• Expertise in evading modern detection technologies (EDR/AV).
• Prior experience in a client-facing consulting role.