Role Summary: We are looking for a skilled and proactive Penetration Tester to join our Cybersecurity Consulting team. The primary mission of this role is to simulate real-world attacks against our clients' critical infrastructure and applications. This is a client-facing role that demands technical excellence in exploitation combined with exceptional communication skills to clearly articulate risks and provide practical, strategic remediation advice. You will be responsible for defining project scope, executing detailed testing, and providing actionable remediation guidance to our clients' technical and leadership teams.

 

Key Responsibilities

Consulting and Service Delivery

• Lead and execute penetration tests (including black-box, grey-box, and white-box) on client network infrastructure, web applications, APIs, and cloud environments (AWS/Azure/GCP).
• Execute advanced vulnerability analysis using both automated tools and manual, deep-dive techniques to discover complex security flaws.
• Define the technical scope of pentesting and vulnerability analysis projects, ensuring alignment with the client's business objectives.
• Manage continuous vulnerability scanning and analysis programs for clients, prioritizing remediation based on risk score (CVSS, exploitability, and business impact).
• Develop and adapt tools, scripts, and methodologies (adversary simulation) to optimize the efficiency of consulting services.

Documentation and Stakeholder Management

• Lead client engagements from kickoff through final delivery, managing project scope, timelines, and client expectations.
• Generate comprehensive technical and executive reports, detailing vulnerabilities, Proof-of-Concept (PoC) exploits, severity levels, and clear, practical remediation recommendations.
• Collaborate directly with the client's development and operations teams to validate fixes and ensure the secure implementation of patches and code changes.
• Present findings and risk summaries to both technical staff and executive client stakeholders, translating technical risk into business context.

Research and Professional Development

• Stay updated with the latest attack techniques, threat landscapes, and industry best practices (e.g., OWASP Top 10, MITRE ATT&CK).
• Contribute to the continuous improvement of internal consulting methodologies and the development of intellectual property in the cybersecurity field.

 

Mandatory Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or related field (or equivalent experience).
• Experience: 2+ years of hands-on professional experience in Penetration Testing or Offensive Security roles, ideally within a Consulting or Managed Services environment.
• Technical Skills: Deep knowledge of network protocols, operating systems (Linux/Windows hardening), and web application security standards (OWASP Top 10).
• Tool Proficiency: Expert experience using security tools such as Burp Suite Professional, Nessus, Nmap, Metasploit, Wireshark, and scripting languages (Python/Bash).
• Methodology: Proven experience working with recognized testing methodologies (PTES, OWASP, NIST).
• English level: C1.

 

Preferred Qualifications

• Certifications: Certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or GIAC certifications (GPEN, GWAPT).
• Soft Skills: Excellent verbal and written communication skills; proven ability to interact directly with clients, manage expectations, and translate complex technical risks into business context.
• Cloud: Proven experience in security testing of cloud-native applications and services (containers, serverless functions) in consulting environments.

 

Why Join

This role offers direct exposure to a diverse portfolio of clients and technologies. You will gain invaluable experience translating technical findings into business value, accelerating your career growth as a trusted security advisor.