Job Specifications
Overview
We are looking for a Penetration Tester with 2–5 years of hands-on experience performing end-to-end security assessments across a variety of technologies and environments. The role involves conducting comprehensive evaluations of applications, networks, and infrastructure, identifying exploitable weaknesses, and delivering clear, actionable remediation guidance to stakeholders at all levels.
Key Responsibilities
Execute comprehensive penetration tests on diverse environments including:
Web and mobile applications
Internal and external networks
APIs and cloud-hosted services (AWS, Azure, GCP)
Infrastructure components, Active Directory, and enterprise systems
Perform threat modeling, exploitation, and post-exploitation activities to determine true business impact.
Assess both technical and procedural security controls, validating configurations and identifying weaknesses in authentication, authorization, and data protection.
Develop and maintain custom scripts, payloads, and automation tools to enhance testing depth and efficiency.
Produce detailed technical reports with risk ratings, reproduction steps, and practical mitigation recommendations.
Deliver executive summaries and presentations that translate technical findings into business risk terms.
Collaborate with engineering, development, and security teams to support remediation and retesting efforts.
Stay informed on emerging vulnerabilities, exploits, and security frameworks, integrating new techniques into testing methodologies.
Contribute to the ongoing refinement of internal testing standards, playbooks, and templates.
Required Qualifications
2–5 years of professional experience in penetration testing, offensive security, or vulnerability research.
Strong knowledge of:
Web application security (OWASP Top 10, API vulnerabilities)
Network and infrastructure security, including routing, segmentation, and privilege escalation
Operating system internals (Windows, Linux) and common misconfigurations
Proficiency with leading tools such as:
Burp Suite, Nmap, Metasploit, Nessus, Wireshark, SQLmap, Hydra, BloodHound, or equivalent frameworks
Scripting ability in Python, PowerShell, or Bash for custom exploitation or automation.
Familiarity with cloud security testing (AWS IAM, Azure AD, containerized workloads).
Excellent documentation and client-facing communication skills.
Preferred Certifications
OSCP, eJPT, CEH, GPEN, HTB CPTS or similar offensive security certifications
Cloud or DevSecOps certifications (e.g., AWS Security Specialty, AZ-500) are advantageous
Core Competencies
Analytical and detail-driven with a strong understanding of risk prioritization
Skilled at translating technical findings into business impact
Adaptable and resourceful across varying technologies and environments
Committed to continuous learning and professional development in cybersecurity
About the Company
Inspira Enterprise is a global Cybersecurity & Data Analytics & AI services provider with a presence in North America, ASEAN, Middle East, India, and Africa regions. We offer a wide range of services to a host of industries like Banking, Financial Services and Insurance (BFSI), Healthcare, Public Sector, Manufacturing, Information Technology Enabled Services (ITeS) eCommerce, and others. Inspira's cybersecurity services are very extensive ranging from the basic perimeter security to complex incident management and response. ...
Know more