Job Description

Overview:

Role Overview:

Aptean is seeking a

Senior Penetration Tester with strong

DevSecOps

expertise

to play a dual-role in our offensive security and secure development lifecycle initiatives. You will lead advanced penetration testing engagements, red team operations, and threat simulations across enterprise environments while also driving secure software practices by integrating security into CI/CD pipelines. This role blends deep offensive security capabilities with hands-on DevSecOps implementation, contributing to both proactive and preventative cybersecurity postures.

Key Responsibilities:

Offensive Security & Penetration Testing

Lead and perform advanced penetration testing across: Web, mobile (iOS/Android), and desktop/thick client applications APIs (REST, GraphQL, SOAP) with focus on business logic vulnerabilities Internal/external networks and hybrid infrastructure (on-prem and cloud) Execute red team engagements simulating real-world adversaries (APT-style) Targeting Windows Active Directory, Linux systems, and cloud platforms (AWS, Azure, GCP) Employing post-exploitation, lateral movement, and persistence techniques Build and maintain offensive infrastructure (C2 servers, phishing platforms) Develop proof-of-concept exploits and adversary emulation scenarios Deploy and monitor honeypots/honeynets for threat detection and behavior analysis

DevSecOps

& Secure SDLC

Integrate security tools (SAST, DAST, SCA, IaC scanning) into CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI/CD) Automate security testing and policy enforcement in the development lifecycle Collaborate with DevOps and developers to implement secure coding practices and remediation workflows Build custom scripts/tools for security automation (Python, Bash, PowerShell) Monitor and harden containerized and cloud-native infrastructure (Docker, Kubernetes, serverless) Support security gate controls and compliance checks across release pipelines

Reporting, Documentation & Communication

Deliver detailed technical reports and executive summaries of findings Present findings to cross-functional stakeholders including engineering and executive leadership Provide actionable remediation guidance with risk prioritization Develop technical documentation, threat playbooks, and attack narratives

Leadership, Collaboration & Mentorship

Mentor junior penetration testers and review their assessments Lead purple teaming exercises to bridge offensive and defensive capabilities Collaborate with blue teams to enhance detection and response Conduct knowledge sharing sessions and internal capability development Stay current with threat landscape, tools, and techniques

Required Qualifications:

Experience & Background

8-10 years in cybersecurity with primary focus on penetration testing and red teaming At least 2 years hands-on experience integrating security in CI/CD and DevSecOps environments Proven leadership in complex offensive security engagements

Technical Skills

Offensive Security: Advanced penetration testing of web, mobile, and thick client apps Red teaming, lateral movement, and post-exploitation in enterprise environments API security testing and exploitation Tooling & Platforms: Burp Suite, OWASP ZAP, Metasploit, Cobalt Strike, BloodHound, Empire, Sliver Nessus, Nmap, Trivy, AWS Inspector, Azure Defender, GCP SCC GitHub Actions, Jenkins, GitLab CI/CD, Docker, Kubernetes Scripting & Automation: Proficient in Python, Bash, PowerShell (Go or Ruby a plus) Automation of penetration testing tasks and CI/CD integration Cloud & Infrastructure: Hands-on experience in AWS, Azure, GCP environments Active Directory attack techniques (e.g., Kerberoasting, Golden Ticket) Container and cloud-native attack simulation Security Frameworks: Deep knowledge of OWASP Top 10, MITRE ATT&CK, PTES, STRIDE, PASTA Familiarity with threat intelligence and APT tactics

Preferred Qualifications:

Certifications

One or more of the following:

OSCP

(Offensive Security Certified Professional)

CPENT

,

GIAC

(GPEN, GXPN, GCPN, GWAPT, GMOB)

CEH

(Certified Ethical Hacker)

Specialized Skills

Purple teaming and detection tuning Cloud-native and serverless security testing Honeypot/honeynet development Malware analysis fundamentals Threat modeling (STRIDE, OCTAVE) Experience with regulatory frameworks (NIST, PCI DSS, HIPAA, GDPR)

Personal Attributes

Strong problem-solving and critical thinking skills Excellent verbal and written communication, including reporting to technical and non-technical audiences Ability to lead, mentor, and collaborate effectively across teams Passion for offensive security, continuous learning, and responsible disclosure Adaptability to fast-paced, evolving threat environments

What's in it for you?

Aptean offers competitive pay and robust benefit plans along with the opportunity to


grow your career in a fast-paced, flexible and casual environment, an outstanding


opportunity for career development and growth.

About Aptean

At Aptean, our mission is to solve tomorrow's unique challenges today with unrivaled,


purpose-built software and superior customer experiences from people who care.


Aptean is a global provider of mission-critical, industry-specific software solutions.


Aptean' s purpose-built ERP and supply chain management solutions help address the


unique challenges facing process and discrete manufacturers, distributors and other


focused organizations. Aptean' s compliance solutions are built for companies serving


specific markets such as finance, healthcare, biotech and pharmaceuticals, over 10,000


highly specialized organizations in more than 20 industries and 80 countries rely on


Aptean to streamline their everyday operations.



"At Aptean, our global and diverse employee base is our greatest asset. It is through


embracing and understanding our differences that we are able to harness our individual


power to maximize the success of our customers, our employees and our company." -

TVN Reddy



Aptean pledges to promote a company culture where diversity, equity and inclusion are

central. We are committed to applying this principle as we interact with our customers,

build our teams, cultivate our leaders and shape a company in which any employee can

succeed, regardless of race, color, sex, national origin, sexuality and gender identity,

religion, disability or age. Celebrating our diverse experiences, opinions and beliefs

allows us to embrace what makes us unique and to use this as an asset in bringing

innovative solutions to our customer base.