Senior Penetration Tester

  • Remote

Description

We are seeking an experienced Senior Penetration Tester to lead our offensive security program by conducting comprehensive penetration tests and vulnerability assessments across our infrastructure, applications, and cloud environments. This role is critical in proactively identifying security weaknesses before malicious actors can exploit them. The ideal candidate will combine deep technical expertise in ethical hacking, application security testing, and cloud penetration testing with the ability to communicate findings effectively and guide remediation efforts.

Core Responsibilities:

Penetration Testing Program Development & Management:

  • Design, build, and execute a comprehensive vulnerability assessment and penetration testing program aligned with organizational risk priorities and compliance requirements
  • Develop penetration testing methodologies, standards, and procedures for various testing types (external, internal, web application, API, cloud, mobile, wireless)
  • Create annual penetration testing schedules ensuring regular coverage of critical systems, applications, and infrastructure
  • Define rules of engagement, scoping criteria, and testing boundaries for penetration testing engagements
  • Maintain and continuously improve the penetration testing toolkit and testing infrastructure
  • Track and report on penetration testing metrics including findings, remediation rates, and program effectiveness

Web Application & API Penetration Testing:

  • Conduct comprehensive security assessments of web applications built on various frameworks, with particular expertise in Ruby on Rails applications
  • Perform thorough testing of RESTful APIs, GraphQL endpoints, SOAP services, and microservices architectures
  • Identify and exploit vulnerabilities from the OWASP Top 10 including injection flaws, broken authentication, XSS, CSRF, insecure deserialization, and security misconfigurations
  • Test for business logic flaws, authorization bypasses, session management weaknesses, and application-specific vulnerabilities
  • Assess mobile application security including client-side code analysis, API security, and data storage
  • Review application source code (Ruby, Python, JavaScript, Java) to identify security vulnerabilities and provide remediation guidance
  • Test authentication and authorization mechanisms including OAuth 2.0, SAML, JWT, and session management implementations

Cloud Penetration Testing (AWS):

  • Perform regular and ad-hoc penetration tests of AWS cloud environments to validate security controls and identify misconfigurations
  • Test cloud-native applications, serverless functions (Lambda), containerized workloads (ECS, EKS), and infrastructure as code deployments
  • Assess AWS security configurations including IAM policies, security groups, S3 bucket permissions, VPC configurations, and network architectures
  • Identify cloud-specific vulnerabilities such as overly permissive IAM roles, exposed storage, insecure API gateways, and misconfigured cloud services
  • Utilize AWS security tools including GuardDuty, Security Hub, Inspector, and CloudTrail for reconnaissance and vulnerability identification
  • Test AWS-specific services including Cognito authentication, Lambda functions, API Gateway, ECS/EKS clusters, RDS databases, and ElastiCache
  • Assess container security including image vulnerabilities, runtime security, orchestration configurations, and inter-container communications
  • Evaluate disaster recovery configurations and test backup/restore security controls

Infrastructure & Network Penetration Testing:

  • Conduct internal and external network penetration tests to identify vulnerabilities in network infrastructure, systems, and services
  • Perform vulnerability assessments using automated scanning tools combined with manual validation and exploitation
  • Test security controls including firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), web application firewalls (WAF), and network segmentation
  • Assess Active Directory and domain security including privilege escalation paths, Kerberos attacks, and lateral movement opportunities
  • Test wireless network security and physical security controls where applicable
  • Identify and exploit vulnerabilities in network protocols, services, and configurations

Vulnerability Research & Exploitation:

  • Identify and exploit a wide range of vulnerabilities including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), remote code execution, buffer overflows, and privilege escalation
  • Develop custom exploits and proof-of-concept code to demonstrate the impact of identified vulnerabilities
  • Research emerging attack techniques, zero-day vulnerabilities, and exploitation frameworks
  • Utilize advanced exploitation techniques and post-exploitation methodologies to simulate real-world attack scenarios
  • Conduct adversary emulation based on threat intelligence and MITRE ATT&CK framework
  • Chain multiple vulnerabilities to demonstrate full attack paths and business impact

Social Engineering & Phishing Assessments:

  • Design and execute social engineering campaigns including phishing, vishing (voice phishing), and physical security assessments
  • Create realistic phishing scenarios targeting specific user groups to assess security awareness effectiveness
  • Simulate advanced persistent threat (APT) attack scenarios combining technical and social engineering techniques
  • Assess effectiveness of security awareness training and identify high-risk user populations

Security Assessment Reporting & Communication:

  • Prepare comprehensive penetration testing reports documenting findings, evidence, risk ratings, and detailed remediation recommendations
  • Clearly articulate technical vulnerabilities and their business impact to both technical teams and executive leadership
  • Present findings to development teams, security stakeholders, and management with actionable remediation guidance
  • Maintain detailed notes, screenshots, and evidence throughout testing engagements
  • Track vulnerabilities through remediation lifecycle and perform retesting to validate fixes
  • Provide metrics and dashboards showing penetration testing coverage, findings trends, and remediation progress

Collaboration & Remediation Support:

  • Work closely with development teams, cloud engineers, and security operations to understand systems being tested and provide context-specific recommendations
  • Collaborate with application security teams to review code and provide secure coding guidance
  • Partner with vulnerability management teams to prioritize remediation based on exploitability and business risk
  • Conduct threat modeling sessions with product and engineering teams during the design phase
  • Provide “fix verification” testing after vulnerabilities have been remediated
  • Mentor junior security testers and share knowledge on testing techniques and tools

Cloud Security Operations & DevSecOps Integration:

  • Support deployment and maintenance of AWS cloud security controls through security testing and validation
  • Assess security of Infrastructure-as-Code (IaC) configurations including Terraform, CloudFormation, and Kubernetes manifests
  • Test security of CI/CD pipelines, container registries, and automated deployment workflows
  • Validate security of containerized environments including Docker images, Kubernetes clusters, and service mesh implementations
  • Assess security of GitOps operational models and infrastructure management through pull requests
  • Test container network isolation, pod security policies, and runtime security controls
  • Validate mutual TLS implementations across container communications
  • Assess backup and disaster recovery security controls including testing of recovery procedures across cloud regions (RTO/RPO validation)
  • Review automated security scan configurations and validate their effectiveness

Security Monitoring & Log Analysis:

  • Analyze security logs from penetration tests to understand detection capabilities and improve security monitoring
  • Collaborate with Security Operations Center (SOC) and incident response teams to validate detection rules and alert effectiveness
  • Review SIEM configurations and detection capabilities for tested attack techniques
  • Provide feedback on security monitoring gaps identified during penetration testing
  • Support incident response investigations by providing technical analysis and forensic support when needed
  • Manage and analyze centralized security logs in coordination with IT teams and Privacy Officer to identify potential vulnerabilities

Compliance & Standards Validation:

  • Conduct penetration tests aligned with compliance requirements including NIST 800-53, HIPAA Security Rule, SOC 2, PCI-DSS, and ISO 27001
  • Validate effectiveness of security controls mandated by regulatory frameworks
  • Support security audits by providing penetration test reports and evidence of control effectiveness
  • Ensure the penetration testing program meets industry standards and regulatory expectations
  • Maintain compliance with ethical hacking standards and obtain necessary authorizations before testing

Continuous Improvement & Tool Development:

  • Stay current with emerging attack techniques, exploitation tools, and security research
  • Develop custom tools, scripts, and automation to improve testing efficiency and coverage
  • Contribute to open-source security tools and the broader security community
  • Participate in bug bounty programs and vulnerability disclosure initiatives
  • Research new penetration testing methodologies specific to cloud-native and modern application architectures

Required Qualifications:

Experience:

  • 5+ years of hands-on experience in penetration testing, ethical hacking, offensive security, or red team operations
  • Proven track record of successfully identifying and exploiting vulnerabilities across diverse technology stacks
  • Extensive experience conducting web application penetration tests with demonstrated expertise in Ruby on Rails application security
  • Strong background in AWS cloud security assessment and penetration testing
  • Experience performing both black-box and white-box (source code assisted) security assessments

Technical Expertise:

Programming & Scripting Languages:

  • Strong proficiency in Ruby programming language with deep understanding of Ruby on Rails framework security considerations
  • Advanced scripting skills in Python for exploit development, automation, and tool creation
  • Proficiency in Bash and PowerShell for automation and post-exploitation activities
  • Working knowledge of additional languages including Perl, JavaScript, C, and C++ for exploit development and vulnerability research
  • Ability to read and analyze source code across multiple programming languages to identify security flaws

Operating Systems:

  • Expert-level knowledge of Linux/Unix operating systems including system administration, security hardening, and privilege escalation techniques
  • Deep understanding of Windows operating system internals, Active Directory, security features, and exploitation techniques
  • Experience with macOS security assessment and testing

Network Protocols & Architecture:

  • Deep understanding of network protocols including TCP/IP, UDP, ICMP, DNS, HTTP/HTTPS, FTP, SMTP, SSH, SSL/TLS, and IPsec
  • Knowledge of network architectures, routing, switching, VLANs, and network security devices
  • Experience with network traffic analysis and packet capture/analysis
  • Understanding of wireless protocols (802.11, WPA2/WPA3) and wireless security testing

Penetration Testing Tools & Frameworks:

  • Expert proficiency with penetration testing frameworks and tools including:
    • Exploitation Frameworks: Metasploit Framework, Cobalt Strike, Empire, PowerShell Empire
    • Web Application Testing: Burp Suite Professional, OWASP ZAP, SQLmap, Commix, BeEF
    • Network Scanning: Nmap, Masscan, Zmap, Nessus, OpenVAS, Qualys
    • Network Analysis: Wireshark, tcpdump, NetworkMiner, tshark
    • Password Attacks: Hashcat, John the Ripper, Hydra, Medusa
    • Post-Exploitation: Mimikatz, BloodHound, SharpHound, PowerSploit
    • Cloud Security Tools: ScoutSuite, Prowler, Pacu, CloudMapper, CloudSploit
  • Experience building custom testing tools and exploits

Exploitation Techniques & Vulnerability Types:

  • Deep expertise in identifying and exploiting web application vulnerabilities:
    • SQL injection (blind, time-based, error-based, union-based)
    • Cross-Site Scripting (XSS) – reflected, stored, DOM-based
    • Cross-Site Request Forgery (CSRF)
    • Server-Side Request Forgery (SSRF)
    • XML External Entity (XXE) injection
    • Insecure deserialization
    • Authentication and session management flaws
    • Authorization and access control bypasses
    • Business logic vulnerabilities
    • API security weaknesses
  • Knowledge of system-level exploitation including:
    • Buffer overflows and memory corruption vulnerabilities
    • Privilege escalation (Windows and Linux)
    • Remote code execution vulnerabilities
    • Kernel exploits and rootkits
  • Advanced post-exploitation techniques including:
    • Credential dumping and pass-the-hash/pass-the-ticket
    • Lateral movement and pivoting
    • Persistence mechanisms
    • Data exfiltration techniques
    • Anti-forensics and evasion techniques

Cloud Security (AWS):

  • Expert-level knowledge of AWS cloud security and penetration testing methodologies specific to cloud environments
  • Deep understanding of AWS services and their security implications:
    • Compute: EC2, Lambda, ECS, EKS, Fargate
    • Storage: S3, EBS, EFS, Glacier
    • Database: RDS, DynamoDB, Aurora, ElastiCache
    • Networking: VPC, Route 53, CloudFront, API Gateway, Load Balancers
    • Security Services: IAM, Security Hub, GuardDuty, Inspector, Cognito, KMS, Secrets Manager, CloudTrail, Config
    • Container Services: ECR, ECS, EKS
  • Experience testing cloud-native applications, serverless architectures, and microservices
  • Knowledge of cloud misconfigurations, privilege escalation paths, and cloud-specific attack vectors
  • Understanding of container security including Docker, Kubernetes security testing, and orchestration vulnerabilities
  • Familiarity with Infrastructure-as-Code security assessment (Terraform, CloudFormation)

Web Application Security:

  • In-depth knowledge of OWASP Top 10 vulnerabilities and web application security testing methodologies
  • Strong understanding of web application architectures including MVC frameworks, single-page applications (SPAs), and microservices
  • Expertise in Ruby on Rails-specific vulnerabilities including mass assignment, unsafe SQL, weak parameters, session handling, and YAML deserialization
  • Experience testing RESTful APIs, GraphQL endpoints, and SOAP web services
  • Knowledge of authentication protocols (OAuth 2.0, SAML, OpenID Connect, JWT) and their security weaknesses
  • Understanding of modern web security controls including CSP, SameSite cookies, CORS, and security headers

Security Technologies:

  • Working knowledge of enterprise security technologies:
    • Firewalls (next-generation, application-layer)
    • Virtual Private Networks (VPN) – IPsec, SSL/TLS VPN
    • Intrusion Detection/Prevention Systems (IDS/IPS)
    • Web Application Firewalls (WAF) – AWS WAF, ModSecurity
    • Security Information and Event Management (SIEM)
    • Endpoint Detection and Response (EDR)
    • Data Loss Prevention (DLP)
  • Understanding of encryption technologies, PKI, and certificate management

Compliance & Standards:

  • Working knowledge of security standards and compliance frameworks:
    • NIST 800-53 security controls and testing requirements
    • HIPAA Security Rule requirements for healthcare data protection
    • SOC 2 Type II penetration testing requirements
    • PCI-DSS penetration testing standards (Requirement 11.3)
    • OWASP Testing Guide and OWASP ASVS
    • PTES (Penetration Testing Execution Standard)
    • MITRE ATT&CK framework for adversary emulation
  • Experience conducting security assessments and audits to validate compliance

Preferred Qualifications:

Certifications:

  • Offensive Security Certified Professional (OSCP) – highly preferred
  • GIAC Web Application Penetration Tester (GWAPT)
  • Offensive Security Certified Expert (OSCE)
  • Offensive Security Web Expert (OSWE)
  • GIAC Penetration Tester (GPEN)
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  • Certified Ethical Hacker (CEH)
  • AWS Certified Security – Specialty
  • Offensive Security Experienced Penetration Tester (OSEP)
  • Burp Suite Certified Practitioner (BSCP)

Additional Skills:

  • Experience with red team operations and adversary simulation
  • Contributions to security research, CVE discoveries, or exploit development
  • Participation in bug bounty programs with demonstrated success
  • Experience with reverse engineering and binary analysis
  • Knowledge of mobile application security testing (iOS, Android)
  • Familiarity with industrial control systems (ICS/SCADA) or IoT security testing
  • Understanding of blockchain and smart contract security
  • Experience with physical security assessments and social engineering
  • Active participation in CTF competitions or security conferences
  • Contributions to open-source security tools

Key Competencies:

  • Technical Mastery: Deep technical expertise across operating systems, networks, applications, and cloud platforms with proven ability to identify and exploit complex vulnerabilities
  • Ethical Mindset: Strong ethical foundation and integrity with commitment to responsible disclosure and testing within authorized boundaries
  • Analytical Thinking: Exceptional problem-solving skills with creative approach to identifying attack paths and chaining vulnerabilities
  • Attention to Detail: Meticulous documentation of findings, reproduction steps, and evidence collection
  • Communication Excellence: Outstanding ability to articulate complex technical vulnerabilities clearly to both technical teams and non-technical stakeholders including executives
  • Collaboration: Proven ability to work effectively with development teams, security engineers, and business stakeholders to drive remediation
  • Persistence: Tenacious approach to testing with determination to thoroughly assess systems and identify subtle vulnerabilities
  • Continuous Learning: Passion for staying current with emerging attack techniques, exploitation tools, and security research
  • Time Management: Ability to manage multiple concurrent testing engagements and deliver high-quality reports on schedule
  • Business Acumen: Understanding of business risk and ability to prioritize findings based on real-world exploitability and impact

What We Offer:

  • Opportunity to lead the offensive security program and directly improve organizational security posture
  • Work with cutting-edge cloud technologies, modern application stacks, and diverse technical environments
  • Collaborative culture that values security research and continuous learning
  • Professional development including advanced certifications, training, and security conference attendance
  • Access to premium penetration testing tools and dedicated testing infrastructure
  • Exposure to challenging security problems across cloud-native architectures
  • Meaningful impact protecting critical systems and sensitive data from real-world threats

Join our team and play a critical role in proactively identifying and eliminating security vulnerabilities before adversaries can exploit them.

To apply for this job email your details to mahesht@smacforce.com