Penetration Testers (Lead / Senior / Junior) – Web, API, Mobile Security – Long-Term
Upwork | US | Not specified | Expert
Application Security, Penetration Testing, Information Security, Software Testing, Vulnerability Assessment, Security Analysis, Web Testing, Network Security
About Us:
We are a security consulting firm building out a dedicated penetration testing team to support ongoing client engagements. Our assessments include web applications, APIs, mobile applications, cloud environments, and internal/external infrastructure.
We are looking to build a core team of 8 penetration testers structured as:
- 2 Lead Penetration Testers
- 4 Senior Penetration Testers
- 2 Junior Penetration Testers
Work will be continuous throughout the year depending on client engagements. Some periods may involve multiple simultaneous assessments, while other periods may have lighter activity between projects. Our goal is to build long-term relationships with skilled security professionals who can grow with our consulting practice.
Responsibilities:
- Conduct penetration testing and security assessments across web applications, APIs, mobile applications, and supporting infrastructure.
- Perform both authenticated and unauthenticated testing using a combination of automated tooling and manual testing techniques.
- Manually identify and exploit vulnerabilities including authentication and authorization weaknesses, injection flaws, business logic vulnerabilities, API security issues, privilege escalation paths, insecure configurations, and other real-world attack vectors.
- Go beyond automated scanners to discover vulnerabilities that require manual testing techniques such as parameter manipulation, logic testing, authorization bypass attempts, input validation weaknesses, and chaining multiple issues together.
- Use industry tools such as Burp Suite, OWASP ZAP, Nmap, Metasploit, SQLMap, MobSF, Frida, Drozer, and other offensive security tooling as part of the testing methodology.
- Document findings and produce professional penetration testing reports including clear vulnerability descriptions, proof-of-concept evidence, severity ratings (CVSS or equivalent), and actionable remediation recommendations.
- Participate in vulnerability validation and retesting once clients remediate issues.
- Senior and Lead testers may also assist with reviewing reports, mentoring junior testers, coordinating testing engagements, and helping refine internal testing methodology.
Required Skills:
- Strong experience performing penetration testing of web applications and APIs.
- Experience identifying vulnerabilities aligned with OWASP Top 10 and OWASP API Security Top 10.
- Experience performing manual testing techniques beyond automated vulnerability scanning.
- Understanding of authentication flows, authorization models, session management, and common exploitation techniques.
- Ability to clearly document findings and produce professional penetration testing reports.
- Experience using common offensive security tools such as Burp Suite, Nmap, Metasploit, SQLMap, or similar.
Nice to Have:
- Offensive security certifications such as OSCP, OSWE, CREST, or similar.
- Experience with mobile application security testing (iOS / Android).
- Experience with cloud security testing (AWS, Azure, GCP).
- Experience with scripting or automation (Python, Bash).
- Experience with source code review or bug bounty programs.
Engagement Details:
- Flexible hours depending on testing engagements.
- Continuous penetration testing throughout the year.
- Opportunity for long-term collaboration with our security consulting firm.
To be considered, please include the following in your proposal:
- Which role you believe you are best suited for (Lead, Senior, or Junior).
- Your total years of penetration testing experience.
- Relevant certifications (if any).
- A previous penetration testing report you have worked on (redacted reports are acceptable).
- A short description of vulnerabilities you have personally discovered during manual testing.
- Your experience with manual testing versus automated scanning tools.
- Your availability and hourly rate.
Client:
Spent: $5,614.4 | Rating: 5.0 | Verified