Penetration Tester
Pakistan
Full Time
17 hours ago
No H1B
Key skills
AWSAzureCloudCyber SecurityPythonBashPowerShellActive DirectoryOWASPPenetration TestingCloud Security
About this role
Role Overview
- Perform Active Directory penetration testing to identify privilege escalation paths, insecure configurations, and potential lateral movement opportunities.
- Conduct internal and external network penetration tests to identify vulnerabilities and weaknesses within the enterprise infrastructure.
- Perform web application penetration testing, including authentication testing, input validation, session management, and business logic testing.
- Identify and analyze security misconfigurations across systems, services, and network infrastructure.
- Conduct security audits and configuration reviews to identify gaps against security best practices and industry standards.
- Perform risk assessments by evaluating vulnerabilities, misconfigurations, and their potential business impact.
- Document security findings, misconfigurations, and vulnerabilities with clear risk ratings and remediation guidance.
- Participate in purple team engagements by simulating attacker techniques and helping SOC teams improve detection and response capabilities.
- Support threat simulation exercises based on real-world attack techniques and frameworks such as MITRE ATT&CK.
- Work closely with SOC and defensive teams to improve alerting, monitoring, and threat detection use cases.
- Assist in validating remediation efforts by performing retesting and verification of fixes.
- Prepare technical and executive-level reports summarizing findings, risks, and recommended mitigation strategies.
Requirements
- Hands-on experience in Active Directory security assessments and penetration testing
- Strong knowledge of network penetration testing methodologies
- Experience in web application security testing (OWASP Top 10)
- Understanding of security configuration reviews and misconfiguration analysis
- Experience performing vulnerability validation and risk analysis
- Hands-on experience with tools such as:
- Nmap
- Burp Suite
- Metasploit
- BloodHound
- Impacket
- CrackMapExec
- Strong understanding of Windows security architecture and AD attack techniques
- Knowledge of network protocols, authentication mechanisms, and common attack vectors
- Nice to Have
- Experience with Purple Team exercises
- Exposure to SOC operations, SIEM platforms, or security monitoring
- Familiarity with MITRE ATT&CK framework
- Scripting knowledge (Python, PowerShell, Bash)
- Exposure to cloud security assessments (Azure / AWS)
- Preferred Certifications (Optional)
- PNPT
- eCPPT
- GPEN / GWAPT
- Strong analytical and problem-solving mindset
- Ability to clearly communicate technical risks and remediation steps
- Good documentation and reporting skills
- Ability to collaborate with both offensive and defensive security teams
- Strong curiosity and passion for continuous learning in cybersecurity
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Python