Senior Vulnerability Assessment and Penetration Testing

Job description

Responsibilities

• Client Engagement & Leadership
• Act as a trusted security advisor for multiple high-value clients.
  
  
• Manage end-to-end security assessment projects, including scoping, execution, reporting, and remediation guidance.
  
  
• Conduct technical and executive-level briefings to communicate findings, risks, and strategic recommendations clearly.
  
  
• Translate complex technical vulnerabilities into business risk insights to help clients prioritize actions.
  
  
• Collaborate closely with client stakeholders to ensure security recommendations are practical and actionable.
  
  
• Advanced Threat Modelling & Risk Assessment
• Design and maintain threat models tailored to client applications, networks, and cloud environments.
  
  
• Perform risk assessments focusing on business impact and likelihood of exploitation.
  
  
• Develop attack scenarios based on the latest threat intelligence and real-world attacker techniques.
  
  
• Guide clients in integrating security into their software development lifecycle (SDLC) and cloud infrastructure designs.
  
  
• Penetration Testing & Red Team Operations
• Lead advanced black-box, grey-box, and white-box penetration testing engagements for web applications, APIs, networks, and cloud environments.
  
  
• Conduct sophisticated Red Team exercises to simulate targeted attack campaigns.
  
  
• Design and develop custom exploits and testing tools to replicate specific attacker techniques.
  
  
• Perform social engineering tests (phishing campaigns, physical security assessments) in controlled and ethical scenarios.
  
  
• Provide detailed post-exercise analysis, including actionable remediation strategies and long term improvement plans.
  
  
• Comprehensive Reporting & Documentation
• Produce clear and technically thorough vulnerability assessment and penetration testing reports.
  
  
• Create executive-level summaries focused on business impact and compliance risks.
  
  
• Maintain structured and up-to-date testing methodologies and playbooks.
  
  
• Contribute to internal knowledge base, documenting research, custom tools, and successful testing strategies.
  
  
• Technical & Programming Expertise
• Expert in vulnerability assessment and exploitation techniques across a wide range of technologies.
  
  
• Proficient in security testing tools such as Burp Suite, Nessus, Metasploit, Nmap, OpenVAS, Cobalt Strike, Wireshark, and tcpdump.
  
  
• Strong scripting and automation skills (Python, Bash, PowerShell) to automate repetitive testing tasks and tool workflows.
  
  
• Capable of custom tool development and advanced exploit research to target unique client environments.
  
  
• Strong knowledge of application security vulnerabilities (OWASP Top 10, SANS Top 25) and attack surface analysis.
  
  
• In-depth understanding of cloud security risks, identity and access management, and container security (Docker, Kubernetes).
  
  
• Social Engineering & OSINT Expertise
• Design and execute social engineering and phishing simulations tailored to client environments.
  
  
• Perform physical security assessments through tactics like tailgating and badge cloning.
  
  
• Apply Open Source Intelligence (OSINT) techniques to gather reconnaissance data for assessments.
  
  
• Provide training and awareness recommendations based on assessment outcomes.
  
  
• Professional Attributes & Mindset
• Strong analytical, problem-solving, and creative thinking skills.
  
  
• Ethical hacker mindset with a continuous drive to research emerging threats, attack techniques, and defense bypass methods.
  
  
• Methodical and detail-oriented approach to testing with the ability to think like an attacker.
  
  
• Strong communication and presentation skills, able to engage both technical teams and business leadership.
  
  
• Proactively innovate by developing new tools, scripts, or methodologies to improve testing efficiency and depth.
  
  

Qualifications

• 7+ years of hands-on experience in Vulnerability Assessment, Penetration Testing, and security consulting.
  
  
• Strong technical expertise in application security, network security, cloud security (AWS, Azure, GCP), and infrastructure security testing.
  
  
• Proven experience using VAPT tools such as Burp Suite, Nessus, Qualys, Nmap, Metasploit, Nikto, OpenVAS, etc.
  
  
• Solid knowledge of exploitation techniques, post-exploitation frameworks, and manual testing methodologies.
  
  
• In-depth knowledge of web application vulnerabilities (OWASP Top 10) and network protocol analysis.
  
  
• Experience conducting cloud security assessments, including misconfigurations, IAM permissions analysis, and container security.
  
  
• Proficiency in scripting and automation (Python, Bash, PowerShell) to customize tests and tools.
  
  
• Familiarity with security frameworks and standards such as NIST, ISO 27001, MITRE ATT&CK.
  
  
• Strong reporting and documentation skills, able to translate technical findings into business friendly recommendations.
  
  
• Excellent communication and stakeholder management skills, able to lead client-facing engagements.
  
  
• Relevant certifications are a strong plus (e.g., OSCP, CREST, CISSP, CEH, GIAC GPEN).
  
  

Preferred Qualifications:

• Certifications such as OSCP, GPEN, CREST CRT, CRTO are highly desirable.
  
  
• Experience in DevSecOps, CI/CD pipeline security, or automated security testing frameworks.
  
  
• Familiarity with industry compliance frameworks like PCI-DSS, GDPR, HIPAA, SOC2, and ISO 27001.
  
  
• Prior consulting experience in a service delivery or customer-facing environment.
  
  
• Experience with threat intelligence platforms and indicators of compromise (IoCs).
  
  

Required Skill Profession

Other General