Job Description We are actively recruiting an experienced Penetration Tester to significantly enhance our security practice, focusing on delivering high-assurance offensive security services to both sensitive government and major commercial clientele. This role requires an expert capable of executing sophisticated and targeted testing methodologies, including Red Team exercises and focused penetration tests across a diverse range of environments. The scope of technical work will span modern and complex infrastructure, traditional, and specialized environments. The successful candidate will not only identify and exploit vulnerabilities but must also translate complex technical findings into clear, high-quality deliverables. This involves authoring both detailed technical reports for engineering teams and precise executive reports for leadership. A critical element of the role is close collaboration with client security and development teams to guide and validate effective remediation strategies, ensuring our clients achieve a demonstrably superior security posture. Key Responsibilities: Offensive Security Execution: Plan, scope, and execute comprehensive penetration tests and Red Team engagements targeting diverse client environments, including: web applications, APIs, network infrastructure, multi-cloud workloads, and specialized systems. Reporting Excellence: Produce high-quality, actionable deliverables, including detailed technical findings and executive reports that clearly articulate risk severity, exploitability, mitigation steps, and checklists. Engagement Governance: Develop clear and strictly ensure all testing activities adhere to documented legal, contractual, and operational boundaries. Advanced Testing Techniques: Conduct rigorous vulnerability assessments, manual exploitation, privilege escalation, persistence establishment, and to simulate real-world threats. Remediation Assurance: Validate the effectiveness of client remediation actions through systematic retesting, providing definitive evidence and expert guidance for formal remediation acceptance. Compliance Mapping: Map security findings directly to relevant compliance frameworks, including controls and the where applicable. Accreditation Support: Provide critical input derived from testing findings to the support system processes. Assurance Collaboration: Actively collaborate with and client security teams during formal assurance and compliance review activities. Security and Confidentiality: Rigorously maintain confidentiality, chain of custody for evidence, and strictly adhere to all client site access and personnel. Team and Tooling Development: Mentor junior security practitioners and contribute to the continuous improvement of internal penetration testing playbooks, methodologies, and specialized tooling.
