Key Responsibilities
Perform comprehensive security evaluations of web applications, corporate networks, and cloud infrastructures (AWS, Azure, GCP) to identify and mitigate potential threats.
Simulate real-world cyberattacks to uncover security weaknesses such as SQL Injection, Cross-Site Scripting, SSRF, RCE, and IDOR.
Conduct network and infrastructure assessments, including vulnerability discovery, privilege escalation testing, and Active Directory (AD) security analysis.
Utilize professional-grade tools like Burp Suite, Metasploit, Nmap, Wireshark, Nessus, Kali Linux, and BloodHound to perform detailed penetration and exploitation tests.
Design and implement custom scripts or automation utilities to streamline penetration testing and vulnerability management processes.
Execute post-exploitation and persistence testing, documenting findings and demonstrating attack chains and their impacts.
Prepare clear, actionable security reports that outline findings, risk levels, and practical remediation recommendations.
Continuously monitor emerging cyber threats, zero-day vulnerabilities, and evolving attack methodologies to enhance organizational resilience.
Qualifications & Skills
Proven experience in penetration testing, vulnerability assessment, red teaming, and application security.
Deep understanding of security standards and frameworks such as OWASP Top 10, PTES, MITRE ATT&CK, NIST, and CIS Benchmarks.
Expertise in cloud and API security, including secure configuration and threat detection in hybrid or multi-cloud environments.
Strong background in network security, firewall bypass, and wireless penetration testing.
Skilled in Active Directory exploitation techniques such as Kerberoasting, Pass-the-Hash, and credential harvesting using tools like Mimikatz, PowerShell Empire, and BloodHound.
Knowledge of malware analysis, reverse engineering, and exploit development is highly advantageous.
Proficient in scripting and automation using Python, Bash, PowerShell, JavaScript, or C.
Preferred certifications include OSCP, OSEP, CRTP, GPEN, eWPTX, CISSP, or equivalent credentials.
Keyword:
Cybersecurity Engineer, PenTest, Red Team, Web Security, AppSec, Cloud Security, InfoSec, Threat Analysis, Vulnerability Assessment, Exploit Development, Network Security, Security Automation, Ethical Hacking, OSCP, Cyber Defense, Penetration Tester, Incident Response.
