• Carry out Penetration Tests both onsite, at client locations and remotely, depending on the requirements of the project.

• Utilise, develop and execute customized test plans, methodologies, and tools for penetration testing, focusing on both network and application layers, tailored to the client’s specific needs and requirements. Follow leading testing standards and methodologies such as OWASP and NIST.

• Evaluate system architectures and designs to identify potential security flaws and provide strategic recommendations for risk mitigation.

• Collaborate closely with clients and their development teams to gain a deep understanding of the architecture, codebase, and underlying technologies, offering guidance on issue remediation and secure coding practices.

• Utilise a wide range of manual and automated tools to conduct penetration testing.

• Prepare detailed and comprehensive reports documenting identified vulnerabilities, their potential impact, and actionable remediation strategies, effectively communicating findings to clients.

• Stay abreast of the latest security threats, vulnerabilities, and attack vectors, proactively advising clients on emerging risks and recommending appropriate countermeasures.

• Collaborate with cross-functional teams of security professionals to implement tailored security best practices and guide clients in the secure development and deployment of applications and systems.

• Provide expert support during security incident response activities, assisting clients in investigating and remediating mobile app security incidents.

Requirements:

• Excellent written and verbal communication skills, with the ability to convey technical concepts in a clear and concise manner to both technical and non-technical clients.

• Degree in Computer Science, Information Security, or experience in a related field.

• Relevant industry certifications (e.g., OSCP, PNPT, CREST CPSA,CRT accredited certs, SANS) and/or experience in mobile applications, thick client applications, Citrix and Secure Code Review are highly desirable.

• Proven track record as a Penetration Tester, with significant experience in web and mobile application, infrastructure and API security testing. A minimum of 2 years of experience in professional penetration testing is required.

• Extensive expertise in security vulnerabilities, threats, and attack vectors, coupled with a thorough understanding of industry best practices and standards (e.g., OWASP, NIST, PTES).

• Solid understanding of application frameworks and architectures, operating systems (Windows, Unix), and underlying technologies.

• Hands-on experience performing mobile application penetration testing across Android and iOS platforms is highly desirable, including analysis of mobile app architectures, secure storage, authentication mechanisms, and inter-app communication.

• Proficiency in using cutting-edge penetration testing tools and frameworks (e.g., Burp Suite Professional, Nmap, Nessus, Metasploit, SoapUI/Postman/ReadyAPI).

• Strong understanding of programming and scripting (e.g., Python, Bash) to automate testing processes and develop custom scripts tailored to client’s specific needs is a plus.

• Demonstrated ability to work independently and collaboratively within a team, effectively managing multiple testing engagements, meeting deadlines, and delivering high-quality results.