Role & seniority: Penetration Tester; security team member reporting to Assessment Team Lead; 2–3 years professional experience preferred.

Stack/tools: AWS (EC2, S3, KMS, RDS) with Azure & GCP equivalents; API, Mobile, Web, and Cloud pen tests; scripting in Python/Perl/Go/Ruby; penetration tools; Wireshark, tcpdump; threat replication concepts.

Top 3 responsibilities

Conduct security audits, network pen tests, and web/API/cloud assessments.
Draft security assessment reports with findings and evidence; provide walkthroughs.
Provide guidance to clients to fix/reduce security risks and support security awareness (including social engineering).

Must-have skills

2–3 years of professional security testing experience.
Proficiency with AWS services and cloud security best practices; Azure/GCP familiarity.
Penetration testing for API, Mobile, Cloud, and Web apps; scripting ability; hands-on tool proficiency.
Strong written and oral communication; ability to produce comprehensive reports.
Understanding of IP networking (subnetting, routing, switching) and current security tooling.

Nice-to-haves

Experience building/developing server or application technologies.
Advanced cloud security expertise across providers; threat behavior replication.
Additional certifications or in-depth experience with security software suites.
Location & work type: Location and employment type not specified.

Full Description

The Penetration Tester is responsible for working as part of the Assessment Team to conduct and participate in offensive and defensive security projects for OccamSec and its clients. This individual will work as part of a security team and report to an Assessment Team Lead.

Job Responsibilities

Conduct security audits, network penetration tests, and web application, API and cloud assessments.
Draft security assessment reports that outline findings and provide a walkthrough of the assessment performed with evidence provided appropriately.
Use social engineering to identify improvement for security awareness and education.
Provide guidance and recommendation to clients on ways to fix or reduce security risks to their networks and products.
Operate as part of a team on larger, more complex projects with oversight from senior team members.
Operate independently on projects within defined-skill set, with oversight from a Project Manager.
Maintain proficiency in current security tools and skills.

Experience

Candidates with at least 2-3 years of professional experience are preferred.
Proficient in working with AWS services like EC2, S3, KMS, RDS, or similar services on Azure & GCP, with a focus on implementing security best practices.
Skilled in conducting penetration tests for API, Mobile, Cloud, and Web Applications.
Familiarity with scripting languages such as Python, Perl, Go or Ruby.
Hands-on experience in building or developing Server or Application Technologies.
Utilized penetration tools effectively in various scenarios.
Applied expertise in replicating threat behaviors.
Proficient in using packet analyzer tools like Wireshark and tcpdump.
Sound understanding of IP network protocols, sub-netting, routing, switching, etc.
Extensive background in penetrating and exploiting secure networks and systems, staying updated with the latest security software packages, protocols, and computer technologies.
Excellent written and oral communication skills, with a proven track record in generating comprehensive reports and assessments.
Benefits
Flexible working hours;
Competitive health packages;
Life insurance;
401k plan with company contributions
Maternity and parental leave;
On-the-job training opportunities; and
Paid, flexible vacation.