Pentester
The primary objectives of the role are to:
Identify security vulnerabilities in external and internal infrastructure/applications.
Validate the effectiveness of existing security controls.
Provide testing evidence that supports compliance with DORA (the EU Digital Operational Resilience Act, Regulation (EU) 2022/2554) and with the penetration-testing requirements of PCI DSS.
Provide actionable remediation guidance.
The Penetration Tester will be responsible for conducting comprehensive penetration tests across the following areas:
Asset type              Environment    Notes
Web applications        Staging/Prod   Main customer portal, admin panels, complex business-oriented apps
Mobile applications     Staging/Prod   Android/iOS native apps and React Native apps
Cloud environment       Production     AWS/Azure/GCP; configuration review against the CIS Benchmarks
Thick client apps       Production     Desktop agents and the APIs they call
External infra          Production     Firewalls, VPN gateways
Internal infra          Production     Active Directory environment, database servers
APIs and microservices  Staging/Prod   REST APIs; OpenAPI (Swagger) specifications will be provided
Manual vs automated: Emphasis is on manual testing and exploitation. Automated scanning must not exceed 20% of the effort, and scanner findings must be manually verified before being reported.
Standards: Web and mobile application testing must follow the OWASP Web Security Testing Guide (WSTG) and Mobile Application Security Testing Guide (MASTG), with coverage of at least the OWASP Top 10 and OWASP Mobile Top 10; infrastructure testing must follow PTES or OSSTMM.
Credentials: For grey-box testing, accounts at each privilege level (e.g., admin, user, viewer) will be provided so that authorization controls can be tested for both vertical privilege escalation (viewer or user reaching admin functions) and horizontal privilege escalation (one user reaching another user's data).
The provider must demonstrate:
Proven experience delivering high-quality penetration testing services to enterprise clients (at least 5 years of experience delivering pentests), supported by client references.
Team members holding relevant certifications (e.g., OSCP, OSCE, OSWE, GPEN, GWAPT, CISSP).
High communication quality: clear verbal communication and clear written reporting.
Ability to deliver detailed, structured, and actionable reports, with each finding including severity, evidence, reproduction steps, and remediation guidance.
Use of industry-standard tools and methodologies.