Penetration Tester
ICE Consulting - Managed IT for Life Sciences
full-time
Posted on:
Location Type: Remote
Location: Pakistan
Visit company websiteExplore more
Tech Stack
About the role
- Perform Active Directory penetration testing to identify privilege escalation paths, insecure configurations, and potential lateral movement opportunities.
- Conduct internal and external network penetration tests to identify vulnerabilities and weaknesses within the enterprise infrastructure.
- Perform web application penetration testing, including authentication testing, input validation, session management, and business logic testing.
- Identify and analyze security misconfigurations across systems, services, and network infrastructure.
- Conduct security audits and configuration reviews to identify gaps against security best practices and industry standards.
- Perform risk assessments by evaluating vulnerabilities, misconfigurations, and their potential business impact.
- Document security findings, misconfigurations, and vulnerabilities with clear risk ratings and remediation guidance.
- Participate in purple team engagements by simulating attacker techniques and helping SOC teams improve detection and response capabilities.
- Support threat simulation exercises based on real-world attack techniques and frameworks such as MITRE ATT&CK.
- Work closely with SOC and defensive teams to improve alerting, monitoring, and threat detection use cases.
- Assist in validating remediation efforts by performing retesting and verification of fixes.
- Prepare technical and executive-level reports summarizing findings, risks, and recommended mitigation strategies.
Requirements
- Hands-on experience in Active Directory security assessments and penetration testing
- Strong knowledge of network penetration testing methodologies
- Experience in web application security testing (OWASP Top 10)
- Understanding of security configuration reviews and misconfiguration analysis
- Experience performing vulnerability validation and risk analysis
- Hands-on experience with tools such as:
- - Nmap
- - Burp Suite
- - Metasploit
- - BloodHound
- - Impacket
- - CrackMapExec
- Strong understanding of Windows security architecture and AD attack techniques
- Knowledge of network protocols, authentication mechanisms, and common attack vectors
- Nice to Have
- - Experience with Purple Team exercises
- - Exposure to SOC operations, SIEM platforms, or security monitoring
- - Familiarity with MITRE ATT&CK framework
- - Scripting knowledge (Python, PowerShell, Bash)
- - Exposure to cloud security assessments (Azure / AWS)
- Preferred Certifications (Optional)
- - PNPT
- - eCPPT
- - GPEN / GWAPT
- Strong analytical and problem-solving mindset
- Ability to clearly communicate technical risks and remediation steps
- Good documentation and reporting skills
- Ability to collaborate with both offensive and defensive security teams
- Strong curiosity and passion for continuous learning in cybersecurity
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Active Directory penetration testingnetwork penetration testingweb application security testingvulnerability validationrisk analysissecurity configuration reviewsauthentication testinginput validationsession managementbusiness logic testing
Soft Skills
analytical mindsetproblem-solvingcommunicationdocumentationcollaborationcuriositypassion for learning
Certifications
PNPTeCPPTGPENGWAPT