Senior Penetration Tester

About The Position

Requirements

• 5+ years of hands-on penetration testing experience in offensive security, with a proven track record of scoping, executing, and reporting on complex engagements.
• Expertise in manual penetration testing of web, API, cloud (AWS/Azure/GCP), infrastructure, thick-client, and/or mobile applications (android/iOS), including the use of industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, etc.).
• Strong understanding of security assessment methodologies such as OWASP Top Ten, NIST Cybersecurity Framework, and other relevant standards.
• Ability to identify and articulate systemic security issues related to threats, vulnerabilities, and risks, and provide clear, actionable recommendations for remediation.
• Exceptional organizational and communication skills, including the ability to write detailed technical reports and present findings to both technical and non-technical stakeholders.
• Experience conducting peer reviews of penetration test reports and mentoring junior testers.
• Continuous learner who keeps up with the latest offensive security trends, tools, and techniques.

Nice To Haves

• Knowledge of cybersecurity practices, operational risk management, and incident response methodologies within the US financial services sector, including relevant regulations, threats, and risks.
• Proficiency in penetration testing and security concepts for both Windows and Unix-like operating systems.
• Experience conducting security-focused source code reviews (e.g., Python, Java, Rust).
• Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities.
• Relevant certifications such as OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, GMOB, or BSCP.

Responsibilities

• Plan, scope, and execute penetration testing engagements across a variety of environments, including web applications, APIs, cloud platforms, infrastructure, thick-client, and/or mobile applications.
• Collect and validate pre-requisites for each engagement, ensuring all necessary access, documentation, and approvals are in place.
• Perform manual and automated testing to identify vulnerabilities, misconfigurations, and security weaknesses, leveraging industry-standard tools and custom scripts.
• Document and communicate findings through comprehensive reports that include technical details, risk assessments, and actionable remediation recommendations.
• Conduct peer reviews of penetration test reports to ensure accuracy, consistency, and quality of deliverables.
• Collaborate with development, infrastructure, and security teams to clarify findings, support remediation efforts, and provide subject matter expertise on offensive security.
• Stay current with emerging threats, vulnerabilities, and attack techniques by leveraging threat intelligence, security research, and participation in relevant industry groups.
• Contribute to the continuous improvement of penetration testing methodologies, tools, and frameworks to enhance effectiveness and alignment with firm strategy and regulatory requirements.