Penetration Testing Engineer (Application, Network & Cloud Security)
Remote
Rate Upto $60/hr on C2C
Position Summary
We are seeking an experienced Penetration Testing Engineer to identify and validate security vulnerabilities across applications, networks, APIs, and cloud environments. The role involves conducting internal and external penetration testing across enterprise systems and simulating real-world attack scenarios to proactively identify and mitigate security risks.
The ideal candidate will have strong experience performing structured penetration testing aligned with recognized security frameworks and experience working in regulated environments such as healthcare.
Key Responsibilities
Penetration Testing & Security Assessments
• Perform application penetration testing for web, mobile, and API-based applications
• Conduct Internal Network Penetration Testing (INPT) across corporate infrastructure
• Conduct External Network Penetration Testing (ENPT) for internet-facing systems
• Execute cloud security penetration testing across AWS, Azure, or Google Cloud Platform environments
• Identify vulnerabilities related to authentication, authorization, configuration weaknesses, and insecure integrations
Vulnerability Analysis
• Validate vulnerabilities discovered through automated scanning tools
• Perform manual exploitation and proof-of-concept validation
• Assess risks across network infrastructure, applications, APIs, and cloud services
Compliance & Framework Alignment
• Conduct testing aligned with security frameworks such as:
• OWASP Top 10
• National Institute of Standards and Technology (NIST)
• PTES (Penetration Testing Execution Standard)
• OSSTMM
• Support environments operating under Health Insurance Portability and Accountability Act (HIPAA) compliance
Reporting & Documentation
• Prepare detailed penetration testing reports including findings, exploitation methods, risk severity, and remediation recommendations
• Present findings to security and technical stakeholders
Collaboration
• Work with infrastructure, DevOps, and development teams to remediate vulnerabilities
• Provide recommendations for improving security architecture and configurations
Required Skills
Penetration Testing
• Web Application Security Testing
• API Security Testing
• Infrastructure Penetration Testing
• Cloud Security Testing
• Internal & External Network Penetration Testing
Tools
Experience with tools such as:
• Burp Suite
• Metasploit
• Nmap
• Nessus / OpenVAS
• OWASP ZAP
• Wireshark
• Kali Linux
Cloud & Infrastructure
• Security testing in AWS, Azure, or Google Cloud Platform
• Understanding of network segmentation, firewall rules, and identity management
Scripting (Preferred)
• Python
• Bash
• PowerShell
Preferred Certifications
• OSCP (Offensive Security Certified Professional)
• CEH (Certified Ethical Hacker)
• GPEN (GIAC Penetration Tester)
• GWAPT
• CISSP
Experience Requirements
• 5+ years of penetration testing or offensive security experience
• Experience testing enterprise-scale environments and multi-data center infrastructures
• Experience in regulated industries such as healthcare (HIPAA preferred)
Thanks
Navya