Penetration Tester

Job Overview
We are looking for a motivated and skilledPenetration Tester with hands-on experience inActive Directory, Network, and Web Application penetration testing. The ideal candidate should be able to identify security vulnerabilities, misconfigurations, and weaknesses across enterprise environments and provide actionable recommendations to improve the organization's security posture.
In addition to traditional penetration testing, the candidate will participate in purple-team exercises, collaborating with defensive teams to simulate real-world attack scenarios and strengthen detection and response capabilities. An interest inSOC operations, monitoring, and threat detection will be considered a strong advantage.

Key Responsibilities

• PerformActive Directory penetration testing to identify privilege escalation paths, insecure configurations, and potential lateral movement opportunities.
• Conductinternal and external network penetration tests to identify vulnerabilities and weaknesses within the enterprise infrastructure.
• Performweb application penetration testing, including authentication testing, input validation, session management, and business logic testing.
• Identify and analyzesecurity misconfigurations across systems, services, and network infrastructure.
• Conductsecurity audits and configuration reviews to identify gaps against security best practices and industry standards.
• Performrisk assessments by evaluating vulnerabilities, misconfigurations, and their potential business impact.
• Documentsecurity findings, misconfigurations, and vulnerabilities with clear risk ratings and remediation guidance.
• Participate inpurple team engagements by simulating attacker techniques and helping SOC teams improve detection and response capabilities.
• Supportthreat simulation exercises based on real-world attack techniques and frameworks such as MITRE ATT&CK.
• Work closely with SOC and defensive teams to improvealerting, monitoring, and threat detection use cases.
• Assist in validating remediation efforts by performingretesting and verification of fixes.
• Preparetechnical and executive-level reports summarizing findings, risks, and recommended mitigation strategies.

Required Skills & Experience
• Hands-on experience inActive Directory security assessments and penetration testing
• Strong knowledge ofnetwork penetration testing methodologies
• Experience inweb application security testing (OWASP Top 10)
• Understanding ofsecurity configuration reviews and misconfiguration analysis
• Experience performingvulnerability validation and risk analysis
• Hands-on experience with tools such as:

• Nmap
• Burp Suite
• Metasploit
• BloodHound
• Impacket
• CrackMapExec

• Strong understanding ofWindows security architecture and AD attack techniques
• Knowledge ofnetwork protocols, authentication mechanisms, and common attack vectors
Nice to Have

• Experience withPurple Team exercises
• Exposure toSOC operations, SIEM platforms, or security monitoring
• Familiarity withMITRE ATT&CK framework
• Scripting knowledge (Python, PowerShell, Bash)
• Exposure tocloud security assessments (Azure / AWS)

Preferred Certifications (Optional)

• PNPT
• eCPPT
• GPEN / GWAPT

Soft Skills

• Strong analytical and problem-solving mindset
• Ability to clearly communicate technical risks and remediation steps
• Good documentation and reporting skills
• Ability to collaborate with both offensive and defensive security teams
• Strong curiosity and passion forcontinuous learning in cybersecurity