As a Penetration Testing Engineer, you will lead efforts to uncover and evaluate security weaknesses in applications, servers, and network infrastructure. Your work will focus on proactively testing systems through simulated attacks to ensure resilience against real-world threats.
Key Responsibilities
- Perform comprehensive penetration tests on web and mobile applications, APIs, and internal enterprise systems
- Analyze business workflows and transaction patterns to assess associated security risks
- Identify and classify vulnerabilities using industry-standard frameworks and tools
- Deliver clear, technical reports that detail risk severity, potential business impact, and practical remediation steps
- Communicate findings effectively to engineering teams and leadership stakeholders
- Support incident response by investigating attack methods and contributing to forensic analysis
- Track emerging threats, CVEs, and adversarial tactics to refine testing approaches
Qualifications
- Degree in Computer Science, Information Security, or a related discipline
- Strong grasp of offensive and defensive security principles across web, network, and application layers
- Hands-on experience with tools including Burp Suite, SQLMap, Nmap, and Metasploit
- Working knowledge of common vulnerabilities such as those in the OWASP Top 10, Log4j, fastjson, and middleware platforms like nginx, Apache, and Tomcat
- Proficiency in scripting languages like Python and Shell for automation and incident analysis
- Understanding of blockchain technology and its security implications
- Experience in cyber defense competitions or national-level exercises is a plus
