Penetration Testing jobs

Job Overview
We are looking for a motivated and skilled Penetration Tester with hands-on experience in Active Directory, Network, and Web Application penetration testing. The ideal candidate should be able to identify security vulnerabilities, misconfigurations, and weaknesses across enterprise environments and provide actionable recommendations to improve the organization's security posture.
In addition to traditional penetration testing, the candidate will participate in purple-team exercises, collaborating with defensive teams to simulate real-world attack scenarios and strengthen detection and response capabilities. An interest in SOC operations, monitoring, and threat detection will be considered a strong advantage.

Key Responsibilities

• Perform Active Directory penetration testing to identify privilege escalation paths, insecure configurations, and potential lateral movement opportunities.
• Conduct internal and external network penetration tests to identify vulnerabilities and weaknesses within the enterprise infrastructure.
• Perform web application penetration testing, including authentication testing, input validation, session management, and business logic testing.
• Identify and analyze security misconfigurations across systems, services, and network infrastructure.
• Conduct security audits and configuration reviews to identify gaps against security best practices and industry standards.
• Perform risk assessments by evaluating vulnerabilities, misconfigurations, and their potential business impact.
• Document security findings, misconfigurations, and vulnerabilities with clear risk ratings and remediation guidance.
• Participate in purple team engagements by simulating attacker techniques and helping SOC teams improve detection and response capabilities.
• Support threat simulation exercises based on real-world attack techniques and frameworks such as MITRE ATT&CK.
• Work closely with SOC and defensive teams to improve alerting, monitoring, and threat detection use cases.
• Assist in validating remediation efforts by performing retesting and verification of fixes.
• Prepare technical and executive-level reports summarizing findings, risks, and recommended mitigation strategies.

Requirements

• Nmap
• Burp Suite
• Metasploit
• BloodHound
• Impacket
• CrackMapExec

• Strong understanding of Windows security architecture and AD attack techniques
• Knowledge of network protocols, authentication mechanisms, and common attack vectors

Nice to Have

• Experience with Purple Team exercises
• Exposure to SOC operations, SIEM platforms, or security monitoring
• Familiarity with MITRE ATT&CK framework
• Scripting knowledge (Python, PowerShell, Bash)
• Exposure to cloud security assessments (Azure / AWS)

Preferred Certifications (Optional)

• PNPT
• eCPPT
• GPEN / GWAPT

Soft Skills

• Strong analytical and problem-solving mindset
• Ability to clearly communicate technical risks and remediation steps
• Good documentation and reporting skills
• Ability to collaborate with both offensive and defensive security teams
• Strong curiosity and passion for continuous learning in cybersecurity