Penetration Tester - Lahore
The Client Company:
Our client company is among the top-listed studios working in AR and VR.
Job Description:
We are seeking a highly skilled and motivated Penetration Tester to join our dynamic security team. The ideal candidate will possess deep expertise in exploit development, reverse engineering, or OPSEC, and in a wide range of penetration testing domains including Cloud, Web 2.0 and 3.0 Applications, Network, AI, and API security. This role involves identifying vulnerabilities, assessing risks, and providing actionable recommendations to enhance the security posture of our organization.
Responsibilities:
- Develop and deploy custom exploits for identified vulnerabilities.
- Research and stay updated with the latest exploit techniques and methodologies.
- Contribute to the development of in-house tools for exploitation and vulnerability assessment.
- Perform static and dynamic analysis of binaries and source code.
- Develop tools and scripts to automate reverse engineering tasks.
- Conduct security assessments of cloud infrastructure and services (AWS, Azure, GCP).
- Identify misconfigurations and vulnerabilities in cloud environments.
- Provide recommendations for securing cloud architectures and deployments.
- Perform thorough security assessments of web and mobile applications.
- Identify and exploit vulnerabilities such as SQL injection, XSS, CSRF, and authentication flaws.
- Collaborate with development teams to remediate identified issues.
- Conduct internal and external network penetration tests.
- Identify and exploit vulnerabilities in network protocols, services, and configurations.
- Assess the security of network devices such as routers, switches, and firewalls.
- Perform detailed security assessments of web applications and services.
- Identify common web vulnerabilities (OWASP Top 10) and provide remediation guidance.
- Utilize both automated tools and manual techniques for comprehensive testing.
- Assess the security of RESTful and SOAP APIs.
- Identify and exploit vulnerabilities in API endpoints and data handling processes.
- Provide recommendations for secure API design and implementation.
- Adhere to industry standards and methodologies such as OWASP, NIST, OSSTMM and ISO for penetration testing.
- Develop and maintain comprehensive documentation and reports for security assessments.
- Stay current with the latest trends, tools, and techniques in penetration testing and cybersecurity.
Requirements:
- Critical thinking and an out-of-the-box approach to scenarios.
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field.
- Relevant certifications (e.g., OSCP, OSWE, CTRO, CTRP, CPTS, ASCP, or eCPPT) are highly desirable.
- Proven experience in exploit development and reverse engineering or OPSEC.
- Strong understanding of cloud security principles and practices.
- Proficiency in programming and scripting languages (e.g., Python, C, JavaScript).
- Extensive knowledge of web technologies, network protocols, and application security.
- Experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, Wireshark, C2 frameworks and others.
- Able to distill technical findings into a high-level summary and present it to stakeholders.
- Excellent analytical and problem-solving skills.
- Willing to learn new concepts of cybersecurity and adopt a cybersecurity mindset.
Good to Have:
- Basic understanding of Secure SDLC and DevSecOps
- Experience in Web 3.0 security testing, including smart contract security assessments and decentralized application (dApp) penetration testing.
- Strong understanding of Solidity security best practices and Ethereum Virtual Machine (EVM) vulnerabilities, such as reentrancy, integer overflow/underflow, and access control flaws.
- Familiarity with blockchain security frameworks, auditing tools (e.g., Slither, Mythril, Echidna), and best practices for securing smart contracts and Layer 2 solutions.
- Knowledge of AI/LLM security risks based on OWASP Top 10 for LLM Applications, including prompt injection, data leakage, model manipulation, and adversarial attacks.
- Hands-on experience with LLM red teaming and securing AI-driven applications against evolving threats.
Other Details:
Working Timings: Monday to Friday, 9:30 am - 6:30 pm
Location: DHA Phase 6 Lahore
Experience: 2-3 years
Benefits:
- Medical Insurance for the Employee and the family
- 22 Leaves
- Annual Increment
- Performance-based Bonus
About HR Ways:
"HR Ways is an award-winning Technical Recruitment Firm helping software houses and IT Product companies internationally and locally to find IT Talent. HR Ways is engaged by 300+ Employers worldwide ranging from the world's biggest SaaS Companies to the most competitive Startups. We have entities in Dubai, Canada, US, UK, Pakistan, India, Saudi Arabia, Portugal, Brazil and other parts of the world. Join our WhatsApp Channel https://shorturl.at/983az to stay updated or visit www.hrways.co to know more."