Perform penetration tests of web applications, mobile applications, and infrastructure (internal and external)
Identify, analyze, and report vulnerabilities along with remediation recommendations
Develop realistic attack scenarios (manual and partially automated)
Collaborate with development and DevOps teams to improve security posture
Support threat modeling and security architecture reviews
Contribute to the development of internal tools and testing standards
Mentor junior and mid-level team members.

Requirements

Minimum 5 years of hands-on experience in penetration testing
Strong knowledge of web application security (e.g., OWASP Top 10, ASVS, OWASP Top 10 API)
Experience in mobile application testing (Android/iOS)
Solid understanding of infrastructure security (networks, systems, Active Directory, cloud)
Proven ability to manually exploit vulnerabilities
Familiarity with tools such as Burp Suite, Metasploit, Nmap, Nessus, MobSF, Frida or similar
Ability to produce clear technical and executive-level reports
Strong analytical skills and an “attacker mindset”
Nice to Have: Industry certifications (e.g., OSCP, OSWE, OSEP or similar)
Knowledge of cloud environments (Azure, AWS, GCP) from a security perspective
Experience in secure code review or SSDLC.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

penetration testingweb application securitymobile application testinginfrastructure securityvulnerability exploitationsecure code reviewSSDLCthreat modelingsecurity architecture

Soft Skills

analytical skillsmentoringcollaborationreport writingattacker mindset

Certifications

OSCPOSWEOSEP