Penetration Tester
Your new company
A leading organisation committed to building secure, high‑quality software and infrastructure. You will join a team that values strong security practices, continuous improvement, and technical excellence across application, infrastructure, and cloud environments.
Your new role
As a Penetration Tester, you will conduct in‑depth security assessments across web applications, mobile apps, thick clients, networks, and infrastructure. You'll perform manual and automated penetration testing, secure code reviews, threat profiling, and vulnerability analysis. You'll collaborate closely with development and architecture teams, provide remediation guidance, and contribute to building a mature security posture across the organisation.
What you'll need to succeed
* 9–12 years of total IT experience, with at least 9 years in penetration testing across applications, infrastructure, and mobile.
* Strong hands‑on experience in:
* Web and thick‑client penetration testing
* Mobile application security testing
* Infrastructure and network penetration testing
* Secure code review across Java, ASP, .NET, C++, C#, PHP, etc.
* Strong understanding of cryptography, authentication mechanisms, and secure development practices.
* Ability to analyse application architecture, perform threat modelling, and conduct comprehensive manual reviews.
* Deep knowledge of OWASP Top 10, SANS Top 25, and industry security standards.
* Understanding of HTTP, SOAP/REST, SSL/TLS protocols.
* Experience with relational databases: Oracle, MS‑SQL, MySQL.
* Strong skills in vulnerability analysis, impact assessment, and risk determination.
* Experience leading security testing engagements and mentoring junior testers.
* Excellent written, verbal, and presentation communication skills.
* Familiarity with secure SDLC processes and security consulting.
Tools proficiency:
* Secure code review: Checkmarx, HP Fortify, AppScan Source
* Web app scanning: AppScan, HP WebInspect, Burp Suite Pro
* Programming languages: Java, C, C++, .NET
* Development knowledge: ASP.NET, ASP, PHP, J2EE, JSP
* Database scanning: NGS, Scuba
* Vulnerability scanning: Qualys, Nessus
Good to have:
* Hands‑on application development experience.
* Experience using modern IDEs (Java/.NET/PHP); Eclipse is a plus.
* Experience conducting network penetration testing and vulnerability assessments.
* Exposure to Pre‑Sales / RFPs.
* Knowledge of compliance frameworks: ISO 27001, PCI DSS, HIPAA, SOX.
* Security certifications such as CEH, CISSP, CISA, ECSA, LPT.
What you'll get in return
A chance to work on challenging penetration testing engagements, influence security strategy, and strengthen the organisation's overall security posture. You'll gain exposure to a wide range of technologies, opportunities to lead and mentor, and a pathway to grow into advanced offensive security roles.