Pentester WebAPP and API
Brak informacji o wynagrodzeniu
SeniorFull-time
#385384·Dodano 7 dni temu·2
Źródło: LinkGroupTech Stack / Keywords
APITestingiOSAndroidCloudNetworksActive DirectorySecurity
Firma i stanowisko
LinkGroup is the hiring company for this position.
Wymagania
- Approximately 5+ years of hands-on offensive security experience, ideally within a cybersecurity consultancy or multi-client delivery environment.
- Proven expertise in at least three of the following domains: web applications, network, mobile, or Active Directory testing.
- Mastery of industry-standard tools such as Burp Suite, Nmap, Metasploit, BloodHound, Impacket, CrackMapExec/NetExec, Cobalt Strike, and Frida.
- Possession of at least one of these certifications: OSCP, CRTP / CRTO, or CREST CRT / CPSA.
- Exceptional report-writing skills and fluent professional English.
Nice to have:
- Advanced certifications including OSEP, OSWE, OSED, CRTE, SANS GXPN/GWAPT, or cloud offensive certifications.
- Experience in a Big 4 firm or established boutique security consultancy.
- Hands-on experience with cloud environments such as AWS, Azure, GCP, and container technologies like Kubernetes.
- Active community presence through published research, CVEs, open-source tooling contributions, conference talks, or top CTF achievements.
Obowiązki
- Personally lead and execute end-to-end penetration tests across web applications, APIs, mobile apps (iOS/Android), cloud environments, and internal/external networks.
- Perform sophisticated Active Directory security testing including privilege escalation, lateral movement, delegation/ACL abuse, and attack path analysis.
- Write custom scripts, tooling, and proof-of-concept exploits using Python, PowerShell, and/or Bash.
- Own the entire lifecycle of assignments, from initial scoping and effort estimation to final report delivery and remediation retesting.
- Review and quality assure technical findings and reports from the team.
- Provide technical input during scoping calls and proposal creation.
- Act as the primary technical point of contact, translating complex technical risks into clear insights for developers and non-technical executives.
linkgroup
357 aktywnych ofert