Penetration Testing

Penetration Tester (Mid–Senior Level)

Location - Remote - India

Experience Level - 3–8 years

About Prescient Security

At Prescient Security, we are on a mission to simplify security and compliance for organizations around the world.

Our core values are:

• Bring Order to Chaos
• Be Accountable & See it Through
• 1000% With You
• Support & Collaborate
• Think Outside the Box

Summary

As a Penetration Tester, you will play a key role in delivering high-quality security assessments for our clients. Testers are responsible for performing application, infrastructure and cloud penetration testing engagements, identifying security vulnerabilities and producing clear, actionable remediation guidance.

Depending on experience level, you may lead engagements end-to-end, mentor junior testers and contribute to improving internal testing methodologies, tools and services.

You will work closely with project managers, clients and other testers to deliver accurate, consistent and impactful security testing outcomes.

Essential Duties and Responsibilities

• Conduct manual penetration testing against web applications, mobile applications, APIs, infrastructure and cloud environments.
• Configure and operate penetration testing tools and scripts to identify vulnerabilities and validate exploitability.
• Document security findings and produce clear, high-quality reports including detailed remediation guidance.
• Develop proof-of-concept exploits demonstrating the real-world impact of vulnerabilities.
• Participate in client calls including kickoff meetings, technical walkthroughs and remediation discussions.
• Collaborate with project managers and testers to ensure engagements are delivered on time and at a high level of quality.
• Perform internal QA reviews of penetration testing deliverables when required.
• Support vulnerability retesting to validate remediation efforts.
• Contribute to improvement of internal tools, methodologies and testing frameworks.
• Mentor junior testers and provide technical guidance when applicable.
• Participate in knowledge sharing activities such as internal training, presentations or research initiatives.

Work Skills and Qualifications

• Strong understanding of networks, operating systems and web/mobile application architectures.
• Familiarity with common vulnerabilities including XSS, SQL Injection, XXE, Deserialization, Path Traversal, SSRF, RCE and authentication flaws.
• Experience testing web/mobile applications and APIs (REST, SOAP, graphQL).
• Familiarity with common penetration testing tools such as Burp Suite, Nessus, nmap.
• Experience with scripting languages such as Python, Bash, PowerShell or Perl.
• Ability to design and document practical remediation guidance for vulnerabilities.
• Strong technical writing skills with the ability to translate technical issues into business risk.
• Experience working with Linux and Windows environments.
• Understanding of penetration testing methodologies such as OWASP, MITRE ATT&CK, OSSTMM and NIST frameworks.
• Ability to work independently and manage testing tasks with minimal supervision.
• Strong communication skills with clients and internal teams.
• Ability to manage sensitive information and maintain strict confidentiality.
• Familiarity with office tools such as Outlook, Teams, Excel and Word.

Senior-Level Expectations (4+ Years)

• Lead penetration testing engagements from kickoff through final report delivery.
• Act as a technical escalation point for complex vulnerabilities or exploitation techniques.
• Review testing deliverables to ensure accuracy, completeness and quality.
• Mentor junior penetration testers and assist with internal training.
• Contribute to development of new testing methodologies, tooling and service improvements.
• Represent the company in client-facing activities such as webinars, workshops or presentations.

Certifications

Preferred certifications include:

OSCP

GPEN

CRTO

GXPN

CREST CRT

OSEP

CEH

CISSP

Testers are expected to obtain and maintain relevant industry certifications over time.

Nice to Have

• Experience performing blockchain or smart contract security assessments.
• Experience participating in red team engagements or adversary simulation exercises.
• Experience testing cloud environments (AWS, Azure, GCP).
• Development or source code review experience.
• Android / IOS Mobile Application Testing
• Desktop Thick Client experience

Additional Notes

This job description is not intended to be all-inclusive. Employees may perform other related duties as needed to support the ongoing needs of the organization.

Prescient Security provides equal employment opportunities to all employees and applicants without regard to race, color, religion, sex, national origin, age, disability or genetics.