Apply today

We're looking for new talent to join our growing global team located out of our Mumbai, India office.

Job Description: External Penetration TesterPosition Overview
We are seeking a highly skilled External Penetration Tester to conduct advanced security assessments against client-facing networks, applications, and infrastructure. This role requires technical expertise, strong communication abilities, and exceptional report writing skills. You will work directly as part of an international team with clients, delivering findings in a clear and actionable manner to both technical and non-technical stakeholders.

Key ResponsibilitiesPenetration Testing & Technical Assessment
‍Perform external network penetration tests, vulnerability assessments, OSINT, and reconnaissance against internet-facing assets.Identify and exploit vulnerabilities across protocols, cloud services, APIs, authentication mechanisms, and perimeter security controls.

Execute credential harvesting, and password spraying assessments where applicable.

Conduct exploitation using proof-of-concept code, and post-exploitation analysis within agreed engagement scopes.

Document clear reproduction steps, evidence, and business impact for all findings.

‍Reporting & Documentation
‍Produce high-quality, client-ready penetration test reports with well-structured executive summaries, technical narratives, evidence, and prioritized remediation guidance.

Ensure reporting meets industry expectations (OWASP, PTES, NIST 800-115, TPN, ISO, etc.) where required.

‍Client Communication & Collaboration
‍Communicate findings and methodologies to both technical teams and non-technical leadership in a clear and professional manner.Attend outbrief calls (as needed), executive readouts, and remediation consulting sessions.

‍Required Technical Skills
‍Strong understanding of TCP/IP, DNS, HTTP(S), VPN, firewalls, proxies, and cloud networking concepts.Hands-on experience with common offensive toolsets ( Nmap, Metasploit, Nessus, SQLMap, etc.).

Proficiency with scripting or automation languages (Python, PowerShell, Bash).

Familiarity with attack frameworks such as MITRE ATT&CK, OWASP Top 10, OWASP API Top 10.

Experience with cloud environments (AWS, Azure, GCP) and SaaS technologies such as Office 365, G-Mail, Box.com, and Dropbox.

‍Soft Skills & Professional TraitsExceptional communication skills
Able to clearly explain vulnerabilities and risks to audiences of all levels, both verbal and written.

‍Strong report writing ability
‍Capable of producing concise, defensible, and high-impact documentation.

‍Professionalism and empathy
‍Able to build rapport with clients and understand operational challenges.

‍Critical thinking
Able to correlate disparate information, identify attack paths, and assess real risk rather than theoretical issues.

‍Time management
‍Able to handle multiple engagements, meet tight deadlines, and maintain responsiveness.

‍Adaptability
Comfortable in fast-paced environments with changing scope, technology stacks, and client needs.

‍Collaboration
Works well with internal teams, project managers, and other testers.