Penetration Tester
Intro Paragraph:
We are seeking a motivated and technically skilled Penetration Tester to join a CREST-aligned security consulting environment that values expertise and professional growth. The company specializes in delivering high-impact cybersecurity services across critical industries, fostering a collaborative and forward-thinking culture. This role involves conducting comprehensive vulnerability assessments and penetration tests across various environments, working closely with clients to identify security gaps and recommend solutions. It is an essential position for professionals aiming to advance their careers in cybersecurity.
Role Overview:
The Penetration Tester plays a key role in executing and documenting security assessments, supporting pre-sales activities, and mentoring junior team members within the wider cybersecurity team.
Key Skills & Experience:
• Minimum 4 years of hands-on penetration testing experience
• CREST CPSA and CRT certifications preferred
• Strong knowledge of OWASP Top 10, MITRE ATT&CK, CVSS, and secure coding practices
• Proficiency in scripting and automation using Python, PowerShell, or Bash
• Experience with automated security tools and manual testing techniques
• Excellent communication skills for technical reporting and client presentations
• Experience with cloud security testing (AWS, Azure, GCP)
• Understanding of DevSecOps practices and security in CI/CD pipelines
• Familiarity with Red Teaming, adversary emulation, or Purple Team operations
Key Responsibilities:
• Plan, execute, and document penetration tests on web apps, mobile apps, APIs, infrastructure, cloud platforms, and networks
• Conduct source code reviews to identify vulnerabilities and insecure practices
• Develop custom POC scripts and exploits
• Utilize security tools like Burp Suite, Nessus, Checkmarx, HCL AppScan, and WebInspect
• Produce detailed technical and executive reports, including risk and remediation advice
• Support pre-sales activities, including technical scoping and client briefings
• Build and maintain strong client relationships
• Mentor junior security testers and collaborate on improving testing methodologies
• Stay updated on emerging vulnerabilities and security trends
Requirements:
• Minimum 4 years of relevant penetration testing experience
• Right to work in the APAC region (on-site requirement)
• Location: On-site in APAC, with a hybrid working environment
• Employment type: Permanent, Asia-based
• Ability to manage multiple projects in a fast-paced environment
Nice to Have:
• Additional certifications such as OSCP, OSWP, HTB, CBBH, or CISSP
• Red Team experience and participation in bug bounty programs or CTFs
If you meet these criteria and are looking to develop your cybersecurity career, please apply by emailing your CV with the job title as the subject line to T.Wong@GravitasGroup.com.
