Penetration Tester

2–4 years of hands-on experience in penetration testing across web applications, APIs, mobile, and network infrastructure. Solid knowledge of OWASP Top 10 (Web), OWASP API Security Top 10, and common vulnerability classes. Experience with penetration testing tools including Burp Suite, OWASP ZAP, Nmap, Metasploit, and Nessus/OpenVAS. Ability to perform thorough manual testing in addition to automated scanning. Understanding of network protocols, firewall rules, and common infrastructure misconfigurations. Basic knowledge of Active Directory environments and common attack techniques. Experience with both internal and external network assessments. Ability to document vulnerabilities clearly with CVSS scoring, proof of concept, and remediation guidance. Basic scripting skills in Python or Bash for automating tasks and extending tooling. Familiarity with CI/CD security concepts and integrating security scans into pipelines. Understanding of MITRE ATT&CK framework and the Cyber Kill Chain. Preferred certifications: OSWE, OSEP, OSCP, CAPE, CRTO or equivalent ones.