Pentester

emagine Polska

Warsaw
Penetration Testing
Security Vulnerabilities
DORA Compliance
PCI-DSS Compliance
Manual Exploitation
OWASP Top 10
Cloud Security
API Security
Client Reporting
Security Certifications

Hexjobs Insights

Penetration Tester needed to identify security vulnerabilities in infrastructure/applications. Responsibilities include penetration tests, client interaction, and compliance validation. Requires 5 years of experience and relevant certifications.

Role Objective

The primary objectives of the role are to:
- Identify security vulnerabilities in external and internal infrastructure/applications.
- Validate the effectiveness of existing security controls.
- Ensure compliance with DORA and PCI-DSS regulations.
- Provide actionable remediation guidance.

Scope of Work

The Penetration Tester will be responsible for conducting comprehensive penetration tests across the following areas:

Asset Type | Environment | Notes
Web applications | Staging/Prod | Main customer portal, admin panels, complex business-oriented apps
Mobile applications | Staging/Prod | Android/iOS native apps, React Native
Cloud environment | Production | AWS/Azure/GCP, CIS benchmark
Thick client apps | Production | Desktop agents, use of API
External infra | Production | Firewalls, VPN gateways
Internal infra | Production | AD environment, database servers
APIs and microservices | Staging/Prod | REST API provided with Swagger

Testing Methodology

- Manual vs Automated: Emphasis on manual exploitation. Automated scanning should not exceed 20% of effort.
- Standards: Testing must adhere to OWASP Top 10 for web/mobile apps, PTES, or OSSTMM.
- Credentials: For grey-box testing, accounts will be provided (e.g., admin, user, viewer) for privilege escalation testing.

Key Requirements

- Proven experience in delivering high-quality pentest services to enterprise clients (at least 5 years of experience delivering pentests) and client references.
- Team members with relevant certifications (e.g., OSCP, OSCE, OSWE, GPEN, GWAPT, CISSP).
- High communication quality: clear verbal communication and reporting.
- Ability to deliver detailed, structured, and actionable reports.
- Use of industry-standard tools and methodologies.

Views: 6
Published 10 days ago
Expires in about a month