Job Description

We are hiring a

hands-on Penetration Tester

to lead and execute end-to-end security assessments across Web, Infrastructure, and Cloud environments. As the technical backbone of our lean and growing VAPT practice, you'll work closely with the Security Lead and directly engage with clients to deliver meaningful, high-impact security outcomes.

Key Responsibilities:

Perform

manual and automated penetration testing

across: +

Web Applications

(based on OWASP Top 10) +

Infrastructure

(external/internal IPs, firewall review, patch audits)
+

Cloud Environments

(basic Azure/AWS - IAM, Storage, Networking)
Identify, exploit, and report on vulnerabilities such as

SSRF, RCE, IDOR, LFI, and S3 bucket exposures

Use tools such as

Burp Suite

,

Nmap

,

SQLMap

,

Nikto

,

Nessus/OpenVAS

Write high-quality, detailed

technical reports

with: + Screenshots for PoCs + Remediation guidance
+ Risk severity scoring (preferably

CVSSv3

)
Collaborate with clients to explain findings and provide actionable recommendations Contribute to toolchain improvements and lightweight automation (Python/Bash preferred)

Requirements

3-6+ years

of hands-on experience in at least

2 of the following areas

: +

Web Application Penetration Testing

(OWASP Top 10) +

Infrastructure VAPT

(internal/external, firewall, patch validation)
+

Basic Cloud VAPT

(AWS or Azure: IAM, Storage, Networking)
Proficiency in: +

Manual testing techniques

, fuzzing, and exploitation +

Burp Suite (Community or Pro)

+ Tools like

Nmap, SQLMap, Nikto, Nessus/OpenVAS

Strong understanding of common vulnerabilities and exploitation techniques

Preferred Certifications

CEH

,

eJPT

,

OSCP

(or strong portfolio/proof of hands-on skill)

AZ-500

or

AWS Security Specialty

(for cloud security exposure)

Good to Have

Familiarity with scripting for automation (Python, Bash) Exposure to

CVSSv3

for vulnerability scoring * Experience with

Dradis

,

Excel-based reporting

, or similar tools