Security Specialist

We are an RnD organization with high focus on security. Our Red team conducts thorough security assessments, provides actionable remediation guidance, and helps clients build resilient security programs., We are seeking an experienced Penetration Tester to join our offensive security team. The ideal candidate will perform hands-on penetration tests across web applications, APIs, cloud environments, networks, and internal systems, create clear technical reports, and work closely with clients and internal teams to prioritize and remediate findings., * Plan and execute penetration tests and security assessments for web applications, APIs, network infrastructure, cloud (AWS, Azure, GCP), and internal environments.

• Conduct threat modeling and attack surface analysis to define realistic test scopes and objectives.
• Exploit vulnerabilities safely to demonstrate business impact and validate findings.
• Develop proof-of-concept exploits, custom scripts, and lightweight tools when necessary.
• Perform privilege escalation, pivoting, and persistence testing in controlled environments.
• Produce clear, well-structured technical reports including risk ratings, evidence, remediation guidance, and executive summaries.
• Present findings to technical and non-technical stakeholders; run remediation workshops and retests.
• Keep up to date with emerging attack techniques, vulnerability disclosures, and defensive controls.
• Contribute to internal tooling, playbooks, and knowledge sharing.
• Follow legal, ethical, and client-specified rules of engagement and maintain strict confidentiality.

Do you have experience in Terraform?, * Strong understanding of web application security (OWASP Top 10), common vulnerabilities (XSS, SQLi, SSRF, RCE, IDOR), exploitation techniques, linux OS, containerization, and Kubernetes infrastructure.

• Experience testing cloud environments (IAM misconfigurations, excessive privileges, server-side issues) and familiarity with cloud security best practices.
• Solid knowledge of network protocols, host-based security, lateral movement techniques, and common enterprise technologies (Windows AD, LDAP).
• Proficiency with common tools: OWASP Zap, Burp Suite, Nmap, Metasploit.
• Strong technical writing skills and experience producing professional assessment reports.
• Ability to communicate complex technical findings to non-technical stakeholders.
• Demonstrated adherence to ethical guidelines and safe exploitation practices.
• Experience writing custom scripts using Python, Bash, or PowerShell.
• Deep understanding on IAM and secret management tools (Vault, Keycloack, etc)

Other Qualifications and Certifications:

• OSCP, OSWE, CPTS, CEH Practical or similar…
• Experience with red team operations, adversary simulation, or blue/purple team collaboration.
• Familiarity with CI/CD pipelines, container orchestration (Kubernetes), and IaC security issues(Terraform or ansible).
• Experience with vulnerability management platforms, bug bounty triage, or secure code review.
• Experience in securely exposing Kubernetes services using Service Mesh technologies such as Istio, Kong or Linkerd, with proxies like Envoy.
• Experience developing web applications with React, JavaScript, HTML5.
• Troubleshooting skills and the ability to interpret logs (system, application, and security) to identify, correlate, and resolve issues.
• Familiarity with distributed storage solutions like S3, CEPH.