Job Description
Travel Requirement: Up to 80% Reports To: Executive Leadership Our client, a rapidly growing digital forensics, eDiscovery, and cybersecurity services provider delivering comprehensive data solutions to law firms, corporations, and government entities, seeks a Penetration Tester. The hiring company is known for its commitment to technical excellence, client trust, and precision in handling sensitive digital evidence. With a focus on quality, collaboration, and innovation, the organization continues to expand its footprint across multiple service lines in digital investigations and data management. Position Overview The Penetration Tester to assesses, identifies, and exploits security vulnerabilities in applications, networks, cloud environments, and enterprise systems. The ideal candidate will have deep expertise in ethical hacking, vulnerability assessments, red teaming, and security testing methodologies. This role involves simulating real-world cyberattacks to help organizations strengthen their security posture. Key Responsibilities: Penetration Testing & Security Assessments Conduct black-box, white-box, and gray-box penetration testing on web applications, networks, APIs, and mobile apps. Identify and exploit security vulnerabilities, misconfigurations, and weaknesses. Simulate real-world cyber threats and attack scenarios using red team methodologies. Assess cloud security in AWS, Azure, and Google Cloud environments. Vulnerability Research & Exploitation Research and test zero-day vulnerabilities, malware, and exploit techniques. Develop custom exploits, scripts, and tools for penetration testing. Reverse-engineer applications and analyze binary security flaws. Utilize frameworks like Metasploit, Burp Suite, Nmap, Kali Linux, and Cobalt Strike. Reporting & Compliance Document findings, risk levels, and remediation recommendations in penetration testing reports. Ensure compliance with security frameworks (OWASP, NIST, ISO 27001, PCI-DSS, SOC 2). Present test results to security teams, developers, and executive leadership. Security Strategy & Continuous Improvement Work with blue teams and security engineers to implement fixes and security hardening strategies. Conduct threat modeling, attack surface analysis, and security code reviews. Stay updated on emerging threats, hacking techniques, and security research. Assist in security awareness training and red team exercises. Qualifications Skills: Education: Bachelor's or Masters degree in Cybersecurity, Computer Science, or related field (preferred). Experience: 3+ years in penetration testing, red teaming, or security assessments. Certifications (Preferred): OSCP, OSWE, GPEN, CEH, CRTP, or equivalent. Technical Proficiency: o Strong knowledge of offensive security tools (Metasploit, Burp Suite, Nessus, Wireshark, etc.). o Experience in web, API, network, mobile, and cloud penetration testing. o Proficiency in Python, Bash, PowerShell, or C for exploit development. o Familiarity with MITRE ATT&CK, threat modeling, and social engineering tactics. Problem-Solving & Analytical Skills: Ability to think like an attacker and find innovative ways to bypass security controls. Communication Skills: Ability to document findings clearly and explain vulnerabilities to technical and non-technical stakeholders. Must be able to travel internationally-