Penetration Tester

Xebia • Eluru, IN
18 days ago
Job description

Key Responsibilities

Penetration Testing (Primary Focus) :

  • Perform manual and automated penetration testing on web applications, APIs, infrastructure, and cloud-hosted environments.
  • Conduct red team / purple team exercises to simulate advanced threat actor behavior using frameworks like MITRE ATT&CK.
  • Identify security flaws, misconfigurations, and business logic vulnerabilities across hybrid and cloud environments.
  • Use tools such as Burp Suite, Nmap, Metasploit, Cobalt Strike, and custom scripts to simulate attacks.
  • Provide detailed reports with risk ratings, technical impact, and remediation recommendations.
  • Collaborate with DevOps and application teams to validate, reproduce, and remediate identified issues.
  • Continuously research and adopt emerging offensive techniques, vulnerabilities, and toolsets.

Cloud Security (Secondary but Required) :

  • Assess cloud environments (Azure, AWS, GCP) for security weaknesses, including exposed services, misconfigured IAM, and insecure storage.
  • Assist in secure design reviews and threat modeling for cloud-native workloads.
  • Use tools like Microsoft Defender for Cloud, Prisma Cloud, Wiz, or ScoutSuite to identify misconfigurations.
  • Automate detection of insecure infrastructure via Infrastructure-as-Code (Terraform, Bicep, etc.).
  • Support incident response activities related to cloud-based threats and unauthorized access.

Compliance and Governance Support :

  • Understand and apply security testing methods aligned with :
    • HIPAA (for healthcare application testing),
    • PCI-DSS (for applications storing / processing cardholder data), and
    • NESA (UAE-specific cybersecurity baseline).
  • Participate in security audits and assessments by providing technical evidence and findings.
  • Maintain documentation for vulnerability management, security testing scope, and remediation tracking.

Required Skills and Experience

  • 2+ years of hands-on experience in penetration testing and offensive security engagements.
  • Deep understanding of application security testing, OWASP Top 10, and real-world exploit techniques.
  • Experience testing cloud workloads (Azure, AWS, or GCP) from an attacker's perspective.
  • Familiarity with red / purple teaming, lateral movement, privilege escalation, and post-exploitation techniques.
  • Strong proficiency with tools like Burp Suite Pro, Nmap, Metasploit, Cobalt Strike, etc.
  • Scripting experience with Python, PowerShell, or Bash to develop custom tools and automate testing.
  • Exposure to SIEM, CSPM, and EDR platforms for identifying and responding to test detections.

Preferred Certifications (Offensive & Cloud Focused)

  • Penetration Testing / Offensive Security :
    • OSCP (Offensive Security Certified Professional)
    • OSEP / OSCE / GPEN / GWAPT / CRTO
    • CEH (Certified Ethical Hacker – practical)
  • Cloud Security (Supplementary) :
    • Microsoft Certified: Azure Security Engineer Associate
    • AWS Certified Security – Specialty
    • Google Cloud Professional Security Engineer
  • Compliance (Optional but Useful) :
    • CISSP, CCSP, or CISM
    • Certified HIPAA Professional (CHP), PCI ISA
    • Familiarity with UAE’s NESA compliance standards