Pentester
emagine Polska
⚲ Warsaw
Requirements
- Microsoft Azure
- Security
- iOS
- Testing
- Virtual Private Network (VPN)
- ISO 27001 - Information Security Management
- OWASP
- Swagger
- React
- API (Application Programming Interface)
Job description
Role Objective

The primary objectives of the role are to:
- Identify security vulnerabilities in external and internal infrastructure/applications.
- Validate the effectiveness of existing security controls.
- Ensure compliance with DORA and PCI-DSS regulations.
- Provide actionable remediation guidance.

Scope of Work

The Penetration Tester will be responsible for conducting comprehensive penetration tests across the following areas:

| Asset Type | Environment | Notes |
| --- | --- | --- |
| Web applications | Staging/Prod | Main customer portal, admin panels, complex business-oriented apps |
| Mobile applications | Staging/Prod | Android/iOS native apps, React Native |
| Cloud environment | Production | AWS/Azure/GCP, CIS benchmark |
| Thick client apps | Production | Desktop agents, use of API |
| External infra | Production | Firewalls, VPN gateways |
| Internal infra | Production | AD environment, database servers |
| APIs and microservices | Staging/Prod | REST API provided with Swagger |

Testing Methodology

- Manual vs Automated: Emphasis on manual exploitation. Automated scanning should not exceed 20% of effort.
- Standards: Testing must adhere to OWASP Top 10 for web/mobile apps, PTES, or OSSTMM.
- Credentials: For grey-box testing, accounts will be provided (e.g., admin, user, viewer) for privilege escalation testing.

Key Requirements

- Proven experience in delivering high-quality pentest services to enterprise clients (at least 5 years of experience delivering pentests) and client references.
- Team members with relevant certifications (e.g., OSCP, OSCE, OSWE, GPEN, GWAPT, CISSP).
- High communication quality: clear verbal communication and reporting.
- Ability to deliver detailed, structured, and actionable reports.
- Use of industry-standard tools and methodologies.