The Penetration Tester is responsible for identifying, exploiting, and documenting vulnerabilities across our systems, networks, and applications. This role plays a key part in strengthening our overall security posture by simulating real-world attacks, assessing risk exposure, and working with development teams to ensure vulnerabilities are properly remediated. You will think like an attacker but act as a defender — combining technical expertise, creativity, and methodical analysis to protect the integrity of our platform and the safety of our users.

Key Responsibilities

• Conduct network, web, and application penetration tests, including black-box, white-box, and gray-box assessments.
• Identify and exploit vulnerabilities to determine potential business impact.
• Perform security assessments on APIs, cloud infrastructure (AWS, CloudFlare, MongoDB Atlas, etc), and internal services.
• Simulate social engineering and phishing scenarios as part of red team exercises.
• Collaborate with engineers and system administrators to verify and validate fixes.
• Document findings clearly in structured vulnerability reports, including proof-of-concept exploits and actionable recommendations.
• Contribute to continuous improvement of internal security testing methodologies and automation.
• Stay current with emerging attack vectors, CVEs, and exploit frameworks.
• Support incident response teams during post-mortem analysis of exploited vulnerabilities.

Required

• 3+ years of experience in penetration testing, red teaming, or security assessment.
• Proficiency with tools such as Burp Suite, Metasploit, Nmap, Wireshark, Nessus, or Kali Linux.
• Strong understanding of OWASP Top 10, network protocols, and secure coding principles.
• Proficiency with coding in Typescript.
• Experience performing manual testing beyond automated scanners.
• Solid knowledge of Linux, and cloud environments.
• Excellent documentation and communication skills.