Supervisor Security Testing (Penetration Testing)

Overview:

We are looking for a highly capable and motivated Security Testing Supervisor to support and lead hands-on penetration testing efforts across infrastructure, applications, and enterprise systems. This role involves executing detailed technical assessments, coordinating with cross-functional teams, and contributing to the continuous improvement of the organizations offensive security capabilities.

Key Responsibilities:

• Perform hands-on penetration testing and vulnerability assessments on:

• Web applications, mobile apps (iOS/Android), cloud platforms, and internal networks
• Active Directory and endpoint environments
• APIs, firmware, and enterprise systems

• Utilize industry-standard security tools such as:

• Burp Suite Pro, Nmap, Metasploit, Nessus, Acunetix, Cobalt Strike, etc.

• Apply penetration testing frameworks and methodologies:

• OWASP Top 10, MITRE ATT&CK, PTES, NIST SP 800-115

• Conduct manual exploitation and advanced techniques to simulate real-world attacks and identify weaknesses in detection and response.
• Participate in secure code reviews and security architecture assessments where required.
• Document findings and deliver high-quality technical reports and executive summaries.
• Collaborate with application owners, developers, and infrastructure teams to ensure timely remediation and secure deployment.

Required Qualifications:

• Bachelors degree in Computer Science, Information Security, or a related technical discipline.
• Minimum of 3+ years of experience in penetration testing, ethical hacking, or application security.
• Proficiency in using offensive security tools and manual testing techniques.
• Solid understanding of application, network, and mobile security principles.
• Experience testing cloud environments and APIs is a strong advantage.

Preferred Skills & Experience:

• Strong knowledge in using:

• Burp Suite (Pro), OWASP ZAP, Metasploit, Nessus, Wireshark

• Familiarity with scripting or automation in: Python, Bash, or PowerShell
• Experience with secure development practices and DevSecOps principles
• Exposure to mobile app testing tools and dynamic analysis
• Knowledge of red teaming or threat emulation exercises is a plus

Certifications (Preferred):

• One or more of the following:

• OSCP, eWPT, GWAPT, GMOB, CEH, eMAPT, OSWE, CISSP