Penetration Tester

Job Overview
We are looking for a motivated and skilled Penetration Tester with hands-on experience in Active Directory, Network, and Web Application penetration testing. The ideal candidate should be able to identify security vulnerabilities, misconfigurations, and weaknesses across enterprise environments and provide actionable recommendations to improve the organization's security posture.
In addition to traditional penetration testing, the candidate will participate in purple-team exercises, collaborating with defensive teams to simulate real-world attack scenarios and strengthen detection and response capabilities. An interest in SOC operations, monitoring, and threat detection will be considered a strong advantage.

Key Responsibilities

• Perform Active Directory penetration testing to identify privilege escalation paths, insecure configurations, and potential lateral movement opportunities.
• Conduct internal and external network penetration tests to identify vulnerabilities and weaknesses within the enterprise infrastructure.
• Perform web application penetration testing, including authentication testing, input validation, session management, and business logic testing.
• Identify and analyze security misconfigurations across systems, services, and network infrastructure.
• Conduct security audits and configuration reviews to identify gaps against security best practices and industry standards.
• Perform risk assessments by evaluating vulnerabilities, misconfigurations, and their potential business impact.
• Document security findings, misconfigurations, and vulnerabilities with clear risk ratings and remediation guidance.
• Participate in purple team engagements by simulating attacker techniques and helping SOC teams improve detection and response capabilities.
• Support threat simulation exercises based on real-world attack techniques and frameworks such as MITRE ATT&CK.
• Work closely with SOC and defensive teams to improve alerting, monitoring, and threat detection use cases.
• Assist in validating remediation efforts by performing retesting and verification of fixes.
• Prepare technical and executive-level reports summarizing findings, risks, and recommended mitigation strategies.

Requirements

Required Skills & Experience
• Hands-on experience in Active Directory security assessments and penetration testing
• Strong knowledge of network penetration testing methodologies
• Experience in web application security testing (OWASP Top 10)
• Understanding of security configuration reviews and misconfiguration analysis
• Experience performing vulnerability validation and risk analysis
• Hands-on experience with tools such as:

• Nmap
• Burp Suite
• Metasploit
• BloodHound
• Impacket
• CrackMapExec

• Strong understanding of Windows security architecture and AD attack techniques
• Knowledge of network protocols, authentication mechanisms, and common attack vectors
Nice to Have

• Experience with Purple Team exercises
• Exposure to SOC operations, SIEM platforms, or security monitoring
• Familiarity with MITRE ATT&CK framework
• Scripting knowledge (Python, PowerShell, Bash)
• Exposure to cloud security assessments (Azure / AWS)

Preferred Certifications (Optional)

• PNPT
• eCPPT
• GPEN / GWAPT

Soft Skills

• Strong analytical and problem-solving mindset
• Ability to clearly communicate technical risks and remediation steps
• Good documentation and reporting skills
• Ability to collaborate with both offensive and defensive security teams
• Strong curiosity and passion for continuous learning in cybersecurity