Web and Infrastructure Penetration Tester

We are a cloud and security services company specializing in designing and operating secure, scalable and cost efficient cloud infrastructures. Our work spans cloud architecture, DevOps automation and security engineering, helping organizations reduce risk, meet compliance standards and modernize their technology environments. We support clients across industries in building reliable, well governed and future ready cloud foundations.

About the position

We are seeking a skilled and motivated Penetration Tester with solid hands-on experience in web application, infrastructure, and mobile application security testing. The successful candidate will perform security assessments, identify vulnerabilities, and provide actionable recommendations to improve our security posture. You will work with development, operations, and security teams to support secure system design and remediation.

Responsibilities:

• Plan and execute penetration tests on web applications, networks, servers, cloud environments, APIs and mobile applications.
• Conduct internal and external infrastructure testing including network services, host based security, firewalls, VPNs, and segmentation.
• Perform authenticated and unauthenticated web application assessments such as logic flaws, injection vulnerabilities, insecure authentication, and access control issues.
• Test iOS and Android applications for common mobile security weaknesses.
• Use manual testing techniques supported by industry tools to discover security weaknesses.
• Produce high quality, detailed, accurate test reports with reproduction steps and risk based remediation guidance.
• Collaborate with stakeholders to scope engagements and define testing requirements.
• Participate in threat modeling and security design reviews.
• Stay current with emerging vulnerabilities, exploits, tools, and techniques.

Qualifications

• 1+ years of experience performing hands-on penetration testing.
• Proven experience testing web applications and infrastructure.
• Penetration Testing certification required. OSCP or GPEN certification is an advantage.
• Solid understanding of web technologies (HTTP, JavaScript, REST APIs) and mobile platforms.
• Familiarity with secure coding practices and common frameworks.
• Experience with common security testing tools such as Burp Suite, Nmap, Metasploit, OWASP ZAP, mobile testing tools, and vulnerability scanners.
• Strong knowledge of vulnerability classes and exploit techniques.
• Demonstrated ability to document findings clearly and communicate technical issues effectively.
• Experience performing tests in compliance driven environments such as finance, healthcare or defense is a strong advantage.



Why join us?

We offer opportunities for professional development and long term career growth. If this role sounds like a match and you are excited to grow with a team that learns together, challenges each other and supports one another, we would love to talk.