• Plan, execute, and document penetration tests on web applications, networks, cloud environments, and mobile platforms.
• Perform vulnerability assessments and exploit security weaknesses to evaluate system resilience.
• Simulate real-world cyberattacks to assess and improve the organization’s defensive posture.
• Identify, analyze, and document security flaws, misconfigurations, and potential exploits.
• Develop proof-of-concept (PoC) exploits to demonstrate risk impact and severity.
• Collaborate with system owners, developers, and security teams to recommend effective remediation strategies.
• Conduct post-assessment debriefs and produce detailed technical and executive-level reports.
• Stay current on emerging threats, vulnerabilities, and penetration testing tools and methodologies.
• Support red team exercises and advanced adversary simulations when required.
• Participate in continuous improvement of security testing frameworks, methodologies, and automation.
• Ensure compliance with relevant cybersecurity standards (e.g., OWASP, NIST, ISO 27001, PCI DSS).
• Bachelor’s degree in Computer Science, Information Security, or related discipline.
• 3–7 years of hands-on experience in penetration testing, ethical hacking, or vulnerability assessment.
• Proficiency in tools such as Burp Suite, Metasploit, Nmap, Nessus, Wireshark, and Kali Linux.
• Strong understanding of networking, operating systems (Windows, Linux), and web application architectures.
• Experience with scripting languages (Python, PowerShell, Bash) for automation and exploit development.
• Familiarity with secure coding practices and common attack vectors (XSS, SQLi, CSRF, etc.).
• Professional certifications preferred: OSCP, CEH, GPEN, or similar.
• Strong analytical, documentation, and communication skills.
• Ability to work independently and in collaboration with cross-functional teams.