Penetration Tester / Application Security Analyst

CGI, Bangalore, India
3 hours ago
Job description

Position Description :

We are seeking a skilled and detail-oriented Penetration Tester to join our cybersecurity team. This role involves performing manual security assessments across web, mobile, API, and network environments, identifying vulnerabilities, and collaborating with cross-functional teams to enhance security posture. The ideal candidate will have hands-on experience with tools like Burp Suite, a deep understanding of threat modeling, and a passion for staying ahead of emerging threats.

Your future duties and responsibilities :

  • Conduct manual penetration testing on web, mobile, API, and network systems.
  • Utilize tools such as Burp Suite for vulnerability discovery, exploitation, and documentation.
  • Identify, validate, and reproduce application and infrastructure vulnerabilities.
  • Perform threat modeling and risk assessments to uncover potential attack vectors.
  • Document findings with clear evidence, risk ratings, and actionable remediation guidance.
  • Collaborate with development, DevSecOps, and security teams to promote secure coding and design practices.
  • Stay current with OWASP Top 10, SANS CWE Top 25, and evolving threat landscapes.

Ensure testing aligns with industry standards and compliance frameworks including :

  • OWASP ASVS v5
  • NIST -
  • ISO / IEC /
  • PCI DSS (as applicable)

Required qualifications to be successful in this role :

  • 3+ years of experience in penetration testing and vulnerability assessment.
  • Strong command of manual testing techniques and exploitation strategies.
  • Proficiency in Burp Suite (Pro / Community) and its modules (Intruder, Repeater, etc.).
  • Scripting knowledge in Python, Bash, PowerShell, or JavaScript.
  • Familiarity with secure coding practices and integrating security into SDLC / CI-CD pipelines.
  • Solid understanding of CVEs, CVSS scoring, and vulnerability databases.
  • Experience in delivering technical reports and communicating findings to diverse audiences.

Technical Skills :

  • Certifications such as OSCP, CEH, GWAPT, GPEN, or Burp Suite Certified Practitioner.
  • Experience with DAST / SAST tools and security automation.
  • Exposure to cloud security testing (AWS, Azure, GCP).
  • Understanding of regulatory frameworks like NIS2, GDPR, HIPAA, MDR (especially for healthcare domains).
  • Strong analytical and problem-solving abilities.
  • Excellent verbal and written communication.
  • Self-motivated with the ability to work independently and in team settings.
  • Meticulous attention to detail and commitment to quality.

Skills :

  • Nessus