SecuritySMBEnterprise

Penetration Tester / Ethical Hacker

[Company Name] is seeking a Penetration Tester to proactively identify security vulnerabilities in our applications, infrastructure, and cloud environments. You will conduct authorized attack simulations, write detailed findings reports, and work with engineering teams to validate remediations. This role is ideal for a creative, methodical security professional who enjoys thinking like an adversary to protect our users and data.

Download DOCX Download PDF Use in Talantrix

Key Responsibilities

Conduct web application, API, and network penetration tests against production and staging environments
Perform cloud infrastructure security assessments across AWS, Azure, or GCP environments
Write clear, actionable penetration test reports with risk ratings and remediation guidance
Collaborate with development teams to validate that remediations effectively resolve identified vulnerabilities
Research emerging attack techniques, CVEs, and exploit chains to keep testing methodologies current
Participate in red team exercises and adversary simulation campaigns
Contribute to the development of internal security testing tools and automation

Required Skills & Experience

3+ years of experience in penetration testing or offensive security roles
Strong knowledge of web application vulnerabilities (OWASP Top 10) and exploitation techniques
Proficiency with penetration testing tools such as Burp Suite, Metasploit, and Nmap
Experience with scripting for custom exploits and automation (Python, Bash, or PowerShell)
Understanding of networking protocols, common misconfigurations, and privilege escalation techniques
Ability to write clear, professional penetration test reports for both technical and executive audiences
Familiarity with cloud security assessment methodologies

Nice-to-Have

Relevant certifications (OSCP, GPEN, GWAPT, or CRTO)
Experience with mobile application penetration testing (iOS and Android)
Knowledge of Active Directory attack paths and Kerberos exploitation
Contributions to bug bounty programs or published CVEs
Experience with container and Kubernetes security testing

Tech Stack

Burp Suite ProfessionalMetasploitNmapCobalt StrikeBloodHoundKali LinuxPythonWiresharkNuclei

What We Offer

Competitive salary and equity package
Flexible remote or hybrid work arrangement
Health, dental, and vision insurance
Annual learning and development budget
Generous PTO policy

Interview Process

1Recruiter phone screen (30 min) — role fit and logistics
2Technical phone screen (45 min) — security fundamentals and methodology discussion
3Practical exercise — conduct a time-boxed penetration test on a deliberately vulnerable application
4Report review — present findings and remediation recommendations to the security team
5On-site or virtual final round (2 hours) — red team scenario discussion and team fit
6Offer and reference checks

Hiring for this role? You might also need:

Interview Scorecards

Bar Raiser

Bar Raiser — Cross-Functional

Independent bar-raiser assessment ensuring the candidate raises the team's overall bar.

Culture & Values

Culture & Values Interview

Behavioral interview scorecard covering collaboration, ownership, and growth mindset.

Hiring Manager

Hiring Manager Final Round

Final evaluation by hiring manager: team fit, role alignment, and leadership potential.

Phone Screen

Recruiter Phone Screen (Universal)

General-purpose recruiter screen covering motivation, experience fit, and logistics.

Email Templates

Sourcing

Cold Outreach — Passive Developer

A personalized first-touch email to engage passive developers who aren't actively job hunting.

Interview Scheduling

Technical Interview Invitation

An email inviting a candidate to a technical interview with details on format, duration, and how to prepare.

Decision & Offer

Offer Letter Email

A congratulatory email extending a formal job offer with key terms and the attached offer letter.

Related Templates

Security

Common Screening Mistakes

Requiring specific certifications like OSCP as a hard filter — many skilled pen testers learned through bug bounty programs, CTF competitions, or self-study and can outperform certified candidates
Confusing penetration testing with vulnerability scanning — a pen tester manually exploits weaknesses and chains vulnerabilities together, while a scanner just generates automated reports
Overlooking candidates from software development backgrounds — developers who transitioned into security often find more creative attack vectors because they understand how applications are built

Red Flags

Can only describe running automated tools without explaining manual testing techniques — automated scanners miss many vulnerabilities that require creative human thinking
Cannot explain what happens after finding a vulnerability (report writing, risk rating, remediation guidance) — the value of a pen tester is not just finding bugs but communicating them clearly
No experience with any form of authorized testing or formal methodology — this raises concerns about scope management and professional conduct

What Good Looks Like

A strong penetration tester can walk you through a test they conducted end-to-end — from scoping and reconnaissance through exploitation and reporting.
They explain not just what they found but how they prioritized findings by business impact.
They mention responsible disclosure practices and staying within scope as non-negotiable professional standards.

Key Tech to Listen For

OWASP Top 10 and common web app exploits
Privilege escalation techniques
Burp Suite extensions and custom payloads
Reconnaissance and OSINT methodology
Report writing and CVSS scoring
Red team vs. penetration test differences