Senior Supervisor Security Testing (Penetration Testing)

Overview:

We are seeking an experienced and highly skilled Senior Supervisor in Security Testing to lead and execute comprehensive penetration testing activities across a variety of platforms, including network infrastructure, web and mobile applications, cloud environments, and enterprise systems. This role is critical in identifying and mitigating vulnerabilities through full-scope assessments, including discovery, exploitation, and secure coding analysis.

Key Responsibilities:

• Perform advanced penetration testing across diverse environments including:

• Web and Mobile Applications (iOS, Android)
• Network Infrastructure
• Active Directory and internal enterprise systems
• Cloud platforms (AWS, Azure, GCP)
• IoT, Firmware, and APIs

• Utilize leading penetration testing and security tools such as:

• Burp Suite Pro (with plugin integrations), Metasploit, Nmap, Nessus, Acunetix, Cobalt Strike

• Apply offensive security techniques, red teaming methodologies, and frameworks such as:

• OWASP Top 10, MITRE ATT&CK, PTES, NIST SP 800-115

• Conduct reverse engineering of mobile apps including obfuscated and anti-emulator protected apps.
• Perform secure code reviews and design-level application security assessments across technologies including:

• Web services (REST/SOAP), SaaS platforms, thick clients, and microservices.

• Develop and deliver clear, concise technical and executive-level reporting and presentations.
• Simulate real-world attack scenarios to assess and improve detection and response capabilities.
• Collaborate with development, architecture, and risk teams to recommend and validate mitigation strategies.

Required Qualifications:

• Bachelors degree in Computer Science, Cybersecurity, or a related technical field.
• Minimum of 4 years hands-on experience in penetration testing or offensive security roles.
• Strong knowledge of security testing methodologies and manual testing techniques.
• Practical experience in red teaming and offensive testing of:

• Web applications, Mobile apps, Infrastructure, Cloud, and AD environments.

• Familiarity with scripting and automation tools for offensive security (Python, Bash, PowerShell, etc.).

Preferred Skills & Experience:

• Expertise in tools like:

• Burp Suite Pro (with BApp Store plugins), Cobalt Strike, Metasploit, OWASP ZAP, Nmap, Nessus, Wireshark

• Experience with reverse engineering, mobile application security bypass, and dynamic analysis.
• Familiarity with secure SDLC, DevSecOps, and CI/CD security integration.
• Exposure to threat modeling, fuzzing, and static/dynamic application security testing (SAST/DAST).
• Programming/Scripting: Python, JavaScript, Java, C/C++, C#, Bash, PowerShell, or Assembly.

Certifications (Preferred):

• One or more of the following are strongly desired:

• OSCP, OSWE, OSCE, OSEP
• GWAPT, GMOB, eWPT, eMAPT, eCPTX
• CEH, CISSP, GIAC GPEN/GXPN, GREM