Penetration Tester

International Solutions Group is seeking a highly skilled Penetration Tester to join our team. As a Penetration Tester, you will be responsible for identifying and exploiting vulnerabilities in our clients' systems and applications.

• Conduct manual penetration testing, focusing on web and mobile applications.
• Develop and maintain a strong understanding of security frameworks, including OWASP Top 10 and NIST Standards.
• Utilize security tools, such as Burp Suite, ZAP, Metasploit, Checkmarx, and AppScan, to identify vulnerabilities.
• Collaborate with development teams to resolve identified vulnerabilities.
• Implement and maintain Application Security Programs (DAST & SAST), ensuring all applications follow security best practices.
• Lead security scoping calls with stakeholders, outlining security risks and developing remediation plans.
• Perform code reviews to detect vulnerabilities and enforce secure coding standards.

• 8+ years of experience in penetration testing, with a strong focus on web and mobile applications.
• Proficiency in using security tools, such as Burp Suite, ZAP, Metasploit, Checkmarx, and AppScan.
• Hands-on experience with DAST and SAST tools, such as IBM AppScan, HP WebInspect, and Acunetix.
• Practical experience with AWS services (EC2, S3, KMS, RDS) and security best practices relevant to cloud environments.
• Familiarity with Azure cloud security architecture, VNets, and Azure DevOps pipelines.
• Proficient in Python, Perl, PHP, Java, and Objective C for security testing and code reviews.
• Knowledge of core networking concepts, including routing, ACLs, SSL/TLS, TCP protocols, and load balancing strategies.
• Experience in building and assessing API security frameworks and secure coding practices for web apps.
• Deep experience in implementing Secure Software Development Life Cycle (S-SDLC) processes, ensuring security across development, testing, and production phases.
• Active participation in platforms, such as Hack the Box, Portswigger Academy, or Capture the Flag (CTF).

• OSCP, OSWA, CEH, or relevant SANS certifications.

• Bachelor's degree in Computer Science, Information Technology, Finance, or a related field.