We are looking for an experienced Penetration Tester to join our team on a contract basis. The successful candidate will perform comprehensive security assessments across web applications, APIs, mobile applications, cloud infrastructure, internal networks, and external attack surfaces.
This role is suited for an individual who enjoys offensive security, provides high-quality technical reporting, and can communicate remediation guidance clearly to clients.
Responsibilities:
- Conduct Web Application Penetration Testing
- Perform API Security Assessments
- Execute External and Internal Network Penetration Tests
- Perform Mobile Application Security Assessments (Android/iOS)
- Identify, validate, and safely exploit security vulnerabilities
- Assess authentication, authorization, session management, and business logic flaws
- Review cloud environments (AWS, Azure, GCP) where applicable
- Produce detailed technical reports with proof-of-concept evidence
- Prepare executive summaries for non-technical stakeholders
- Validate remediation efforts through retesting
- Follow industry methodologies including:
- OWASP Web Security Testing Guide (WSTG)
- OWASP Top 10
- OWASP API Security Top 10
- OWASP Mobile Application Security Testing Guide (MASTG)
- PTES
- NIST SP 800-115
Required Skills
- Minimum 2-3 years of professional penetration testing experience
- Strong understanding of:
- Web security
- API security
- Network security
- Active Directory attacks
- Ability to manually identify vulnerabilities beyond automated scanners
- Experience writing professional penetration testing reports
- Experience in Working & Coordinating with End Customers
Preferred Qualifications
- OSCP
- OSEP
- CRTO
- CRTP
- PNPT
- eCPPT
- CREST CRT/CCT
Contract
Colombo, Sri Lanka