<p><strong>Publication date:</strong> Jun 22, 2025, 8:57AM</p><p><strong>Overview:</strong><br> We are looking for a highly capable and motivated Security Testing Supervisor to support and lead hands-on penetration testing efforts across infrastructure, applications, and enterprise systems. This role involves executing detailed technical assessments, coordinating with cross-functional teams, and contributing to the continuous improvement of the organizations offensive security capabilities.</p> <p><strong>Key Responsibilities:</strong></p> <ul> <li>Perform hands-on penetration testing and vulnerability assessments on:</li> <ul> <li>Web applications, mobile apps (iOS/Android), cloud platforms, and internal networks</li> <li>Active Directory and endpoint environments</li> <li>APIs, firmware, and enterprise systems</li> </ul> <li>Utilize industry-standard security tools such as:</li> <ul> <li>Burp Suite Pro, Nmap, Metasploit, Nessus, Acunetix, Cobalt Strike, etc.</li> </ul> <li>Apply penetration testing frameworks and methodologies:</li> <ul> <li>OWASP Top 10, MITRE ATT&CK, PTES, NIST SP 800-115</li> </ul> <li>Conduct manual exploitation and advanced techniques to simulate real-world attacks and identify weaknesses in detection and response.</li> <li>Participate in secure code reviews and security architecture assessments where required.</li> <li>Document findings and deliver high-quality technical reports and executive summaries.</li> <li>Collaborate with application owners, developers, and infrastructure teams to ensure timely remediation and secure deployment.</li> </ul> <p><strong>Required Qualifications:</strong></p> <ul> <li>Bachelors degree in Computer Science, Information Security, or a related technical discipline.</li> <li>Minimum of <strong>3+ years</strong> of experience in penetration testing, ethical hacking, or application security.</li> <li>Proficiency in using offensive security tools and manual testing techniques.</li> <li>Solid understanding of application, network, and mobile security principles.</li> <li>Experience testing cloud environments and APIs is a strong advantage.</li> </ul> <p><strong>Preferred Skills & Experience:</strong></p> <ul> <li>Strong knowledge in using:</li> <ul> <li>Burp Suite (Pro), OWASP ZAP, Metasploit, Nessus, Wireshark</li> </ul> <li>Familiarity with scripting or automation in: Python, Bash, or PowerShell</li> <li>Experience with secure development practices and DevSecOps principles</li> <li>Exposure to mobile app testing tools and dynamic analysis</li> <li>Knowledge of red teaming or threat emulation exercises is a plus</li> </ul> <p><strong>Certifications (Preferred):</strong></p> <ul> <li>One or more of the following:</li> <ul> <li><strong>OSCP</strong>, <strong>eWPT</strong>, <strong>GWAPT</strong>, <strong>GMOB</strong>, <strong>CEH</strong>, <strong>eMAPT</strong>, <strong>OSWE</strong>, <strong>CISSP</strong></li> </ul> </ul><p style="font-family:'Helvetica Neue', sans-serif; font-size:20px !important; font-weight:bold!important; margin:0;"> Only your skills matter </p> <p style="font-family:'Helvetica Neue', sans-serif; font-size:16px!important; font-weight:normal !important; margin-top:8px;"> Regardless of your age, gender, origin, religion, sexual orientation, neurodiversity, disability, or appearance, we actively encourage diversity within our teams, as it is both a collective strength and a driver of innovation. Orange is a disability-friendly company: please feel free to let us know about any specific needs you may have. </p>