Penetration Tester II

Summary

The Penetration Tester II conducts penetration tests across web, network, and cloud environments to identify and exploit vulnerabilities, assess impact, and produce detailed reports. This role works independently on standard assessments and collaborates with senior testers on complex engagements while participating in purple team activities.

Responsibilities

• Plan and execute reconnaissance across diverse systems and environments
• Conduct penetration tests on networks, applications, and cloud platforms
• Perform authenticated and unauthenticated testing to confirm exploitable vulnerabilities
• Exploit discovered vulnerabilities and document security impact
• Tune scanning and enumeration tools to minimize false positives
• Participate in purple team engagements and validate results
• Document findings with titles, affected assets, scope, and reproducible evidence
• Provide actionable remediation guidance and interim mitigation strategies
• Collaborate with development and infrastructure teams to validate fixes

Requirements

• 2 years of hands-on penetration testing or related security assessment experience
• Working knowledge of tools such as Cobalt Strike, Metasploit, Burp Suite, Nmap, or similar
• Understanding of network protocols, Windows, Linux, macOS, and cloud platforms
• Familiarity with Active Directory, authentication mechanisms, and exploitation techniques
• Experience with scripting languages such as Python, Bash, or PowerShell
• Strong analytical, communication, and organizational skills
• Ability to work independently and escalate when appropriate
• Bachelor's or Master's degree in IT, Computer Science, Cybersecurity or equivalent experience
• Relevant certifications such as Pentest+, CEH, GPEN, or OSCP