Web Application and Network Penetration Tester Needed
Advanced Penetration Testing Lead (individual or team) with proven capability to execute **manual, exploit-driven** testing across **web apps/APIs, AWS/cloud, and internal/external networks**—beyond scanner output.
**Specific requirements:**
• **Web/AppSec:** OWASP Top 10 + API Top 10; auth/session testing (OAuth/OIDC, SSO/SAML), RBAC/ABAC bypass, IDOR/BOLA, SSRF, deserialization, request smuggling, cache poisoning, GraphQL, multi-tenant isolation, business-logic abuse.
• **Cloud (AWS):** IAM attack paths & privilege escalation, STS/role chaining, instance metadata abuse (IMDS), EKS/ECS/container breakout, Lambda/serverless permission flaws, S3/KMS misuse, VPC endpoint/egress review, CloudTrail/GuardDuty evasion checks.
• **Network:** External perimeter + internal AD testing, segmentation validation, lateral movement, NTLM relay/Kerberos abuse, VPN/ZTNA review, DNS/PKI weaknesses.
• **Delivery standard:** Clear exploit narratives and **attack chains**, evidence (PoCs/screenshots/commands), severity tied to impact, **fix-ready** recommendations, and **retest included**.