The Digital Security (Penetration Tester) will participate in a variety of security engagements, focusing on targets that may include servers, applications, APIs, mobile devices, and other information systems. The role involves utilizing a wide range of tools and techniques, including penetration testing, red teaming, and social engineering exercises, to identify and assess security vulnerabilities. This position will be part of the CISO Office and will support cybersecurity initiatives across organization.
Responsibilities:
- Conduct scheduled and ad-hoc security scans using tools such as Nessus, Web Inspect, Source Code Analyzer, and Burp Suite to identify critical vulnerabilities across networks, systems, and applications, while collaborating with application owners to validate findings, reduce false positives, track remediation actions, and provide vulnerability trend and risk reporting.
- Perform web and mobile application security testing based on OWASP standards, identifying vulnerabilities such as input validation issues, broken access control, session management flaws, cross-site scripting, SQL injection, and misconfigurations, while staying current with OWASP Top 10 and emerging security threats.
- Execute manual and automated penetration testing across servers, web applications, APIs, mobile applications, and other systems, including vulnerability assessments such as injection flaws, privilege escalation, fuzzing, and buffer overflow testing, while developing scripts to enhance testing accuracy and minimize false positives
- Prepare high-quality technical documentation and reports for both technical and non-technical stakeholders, develop and maintain testing report templates, work closely with application development teams, and clearly communicate VAPT findings with recommended remediation actions.
Requirements:
- Bachelor’s degree in Information Security, Cyber Security, Risk Management, Compliance, or related field.
- Minimum 6 years of relevant experience in cybersecurity, penetration testing, or vulnerability management roles.
- At least 3 years of experience in Application Security and Vulnerability Assessment & Penetration Testing (VAPT).