Senior Supervisor Security Testing (Penetration Test)

About the role

Overview:
We are seeking an experienced and highly skilled senior supervisor in security testing to lead and execute comprehensive penetration testing activities across a variety of platforms, including network infrastructure, web and mobile applications, cloud environments, and enterprise systems. This role is critical in identifying and mitigating vulnerabilities through full-scope assessments, including discovery, exploitation, and secure coding analysis.

Key responsibilities:

• Perform advanced penetration testing across diverse environments including:
• Web and mobile applications (iOS, Android)
• Network infrastructure
• Active Directory and internal enterprise systems
• Cloud platforms (AWS, Azure, GCP)
• IoT, firmware, and APIs
• Utilize leading penetration testing and security tools such as:
• Burp Suite Pro (with plugin integrations), Metasploit, Nmap, Nessus, Acunetix, Cobalt Strike
• Apply offensive security techniques, red teaming methodologies, and frameworks such as:
• OWASP Top 10, MITRE ATT&CK, PTES, NIST SP 800-115
• Conduct reverse engineering of mobile apps including obfuscated and anti-emulator protected apps.
• Perform secure code reviews and design-level application security assessments across technologies including:
• Web services (REST/SOAP), SaaS platforms, thick clients, and microservices.
• Develop and deliver clear, concise technical and executive-level reporting and presentations.
• Simulate real-world attack scenarios to assess and improve detection and response capabilities.
• Collaborate with development, architecture, and risk teams to recommend and validate mitigation strategies.

Required qualifications:

• Bachelor's degree in computer science, cybersecurity, or a related technical field.
• Minimum of 4 years hands-on experience in penetration testing or offensive security roles.
• Strong knowledge of security testing methodologies and manual testing techniques.
• Practical experience in red teaming and offensive testing of:
• Web applications, mobile apps, infrastructure, cloud, and AD environments.
• Familiarity with scripting and automation tools for offensive security (Python, Bash, PowerShell, etc.).

Preferred skills & experience:

• Expertise in tools like:
• Burp Suite Pro (with BApp Store plugins), Cobalt Strike, Metasploit, OWASP ZAP, Nmap, Nessus, Wireshark
• Experience with reverse engineering, mobile application security bypass, and dynamic analysis.
• Familiarity with secure SDLC, DevSecOps, and CI/CD security integration.
• Exposure to threat modeling, fuzzing, and static/dynamic application security testing (SAST/DAST).
• Programming/scripting: Python, JavaScript, Java, C/C++, C#, Bash, PowerShell, or Assembly.

Certifications (preferred):

• One or more of the following are strongly desired:
• OSCP, OSWE, OSCE, OSEP
• GWAPT, GMOB, eWPT, eMAPT, eCPTX
• CEH, CISSP, GIAC GPEN/GXPN, GREM