May 2, 2026

Pentester

Senior • Remote

Warsaw, Poland

Role Objective

The primary objectives of the role are to:

  • Identify security vulnerabilities in external and internal infrastructure/applications.

  • Validate the effectiveness of existing security controls.

  • Ensure compliance with DORA and PCI-DSS regulations.

  • Provide actionable remediation guidance.

Scope of Work

The Penetration Tester will be responsible for conducting comprehensive penetration tests across the following areas:

Asset Type | Environment | Notes

  • Web applications | Staging/Prod | Main customer portal, admin panels, complex business-oriented apps

  • Mobile applications | Staging/Prod | Android/iOS native apps, React Native

  • Cloud environment | Production | AWS/Azure/GCP, CIS benchmark

  • Thick client apps | Production | Desktop agents, use of API

  • External infra | Production | Firewalls, VPN gateways

  • Internal infra | Production | AD environment, database servers

  • APIs and microservices | Staging/Prod | REST API provided with Swagger

Testing Methodology

  • Manual vs Automated: Emphasis on manual exploitation. Automated scanning should not exceed 20% of effort.

  • Standards: Testing must adhere to OWASP Top 10 for web/mobile apps, PTES, or OSSTMM.

  • Credentials: For grey-box testing, accounts will be provided (e.g., admin, user, viewer) for privilege escalation testing.

Key Requirements

  • At least 5 years of proven experience delivering high-quality pentest services to enterprise clients, supported by client references.

  • Team members with relevant certifications (e.g., OSCP, OSCE, OSWE, GPEN, GWAPT, CISSP).

  • High communication quality: clear verbal communication and reporting.

  • Ability to deliver detailed, structured, and actionable reports.

  • Use of industry-standard tools and methodologies.