Cybersecurity Penetration Tester

Responsibilities
Cybersecurity Penetration Tester will work with project teams to ensure applications meet our
security policies.
• Understand project deliverables and application details
• Run automated and manual security checks (not limited to tools) to uncover security
weaknesses in the system
• Propose mitigation steps for identified risks and threats
• Provide clear recommendations from a security perspective based on understanding of
application, application risk and business context, and results of checks performed.
• Work alongside with the cybersecurity community and application teams.
• Explore process, reporting and improvement in techniques
• Ability to collaborate with other penetration teams to align in knowledge, tools and techniques
Skills
• Security – Web, Mobile, API, Cloud and Container, Thick Client, Network, Operating System etc.
• Applications Development & Delivery
• Understanding or experience on any of the following is an advantage:
• Cloud Security Assessment and Security Audits of Cloud Environment
• Vulnerability Management (Process, Tools and Metrics)
• NIST Cybersecurity Framework
• Critical Security Controls (CSC)
• Expertise in DevSecOps methodologies is also an advantage.
Knowledge
12/9/25, 2:23 PM
Cybersecurity Penetration Tester
https://www.cigres.com/jobs/cybersecurity-penetration-tester-
1/4
• Pentest standards and methodologies, OWASP, SANS etc.
• Subject matter expert in web/mobile/thick client/API assessments
• Good understanding of server vulnerabilities (Linux, Windows) and hardening
• Familiarity with cloud platforms, and cloud container security
• Efficient and effective usage of pentest tools as well as demonstrate less dependency on tools.
• Experience with automation, scripting (Python, Perl, Ruby, etc.)
• Proactive interest in emerging technologies (e.g. Offensive AI) and techniques related to
penetration testing
• Ability to translate technical security topics in a business-friendly manner
• DevSecOps implementation and supporting security tooling (SAST)
Experience & Certification
• Min 3+ years of experience in penetration testing of Web, Mobile (iOS & Android), API, Thick
client & Network.
• Certifications - OSCP, OSCE, GPEN, GXPN, GICSP, GWAPT, OSWP, etc.
• Azure / AWS security certifications is a plus.
• CISSP, CEH also a plus
Behaviors and Competencies
• Strong written and verbal communication skills, with a proven ability to communicate with
technical staff, as well as project teams, so security risks are understood in business terms
• Keep pace with standards and technologies related to security
• Requirements Gathering and Analysis
• Interpersonal Skills, proactiveness
Requirements
Responsibilities
Cybersecurity Penetration Tester will work with project teams to ensure applications meet our
security policies.
•
Understand project deliverables and application details
•
Run automated and manual security checks (not limited to tools) to uncover security
weaknesses in the system
•
Propose mitigation steps for identified risks and threats
•
Provide clear recommendations from a security perspective based on understanding of
application, application risk and business context, and results of checks performed.
•
Work alongside with the cybersecurity community and application teams.
•
Explore process, reporting and improvement in techniques
•
Ability to collaborate with other penetration teams to align in knowledge, tools and
techniques
Skills
•
Security – Web, Mobile, API, Cloud and Container, Thick Client, Network, Operating
System etc.
•
Applications Development & Delivery
•
Understanding or experience on any of the following is an advantage:
•
Cloud Security Assessment and Security Audits of Cloud Environment
•
Vulnerability Management (Process, Tools and Metrics)
•
NIST Cybersecurity Framework
•
Critical Security Controls (CSC)
•
Expertise in DevSecOps methodologies is also an advantage.
Knowledge

Cybersecurity Penetration Tester

•
Pentest standards and methodologies, OWASP, SANS etc.
•
Subject matter expert in web/mobile/thick client/API assessments
•
Good understanding of server vulnerabilities (Linux, Windows) and hardening
•
Familiarity with cloud platforms, and cloud container security
•
Efficient and effective usage of pentest tools as well as demonstrate less dependency
on tools.
•
Experience with automation, scripting (Python, Perl, Ruby, etc.)
•
Proactive interest in emerging technologies (e.g. Offensive AI) and techniques related
to penetration testing
•
Ability to translate technical security topics in a business-friendly manner
•
DevSecOps implementation and supporting security tooling (SAST)
Experience & Certification
•
Min 3+ years of experience in penetration testing of Web, Mobile (iOS & Android), API,
Thick client & Network.
•
Certifications - OSCP, OSCE, GPEN, GXPN, GICSP, GWAPT, OSWP, etc.
•
Azure / AWS security certifications is a plus.
•
CISSP, CEH also a plus
Behaviors and Competencies
•
Strong written and verbal communication skills, with a proven ability to communicate
with technical staff, as well as project teams, so security risks are understood in business
terms
•
Keep pace with standards and technologies related to security

Requirements