Penetration Tester (Ethical Hacker) at GVA Partners

Job Summary

We are seeking a skilled and driven penetration tester with a hacker mindset to proactively simulate real-world attacks and identify, assess, and exploit security vulnerabilities. You'll be part of a fast-paced security team, expected to think like an adversary while maintaining ethical standards and compliance.

You must be capable of both automated and manual testing, custom script writing, and producing detailed yet understandable reports.

Key Responsibilities

• Conduct black-box, gray-box, and white-box penetration tests on web applications, mobile apps, and APIs
• Perform social engineering and phishing simulation campaigns
• Develop and execute custom exploits where necessary
• Document proof-of-concept exploits and provide risk-ranked findings
• Conduct red team exercises simulating advanced persistent threats (APT)
• Analyze security findings from HackerOne and recreate vulnerabilities
• Collaborate with developers, AppSec team, DevOps, and product teams to provide remediation guidance
• Stay current on CVEs, exploits, hacker tools, and threat actor techniques (TTPs)
• Provide weekly updates and debriefs with stakeholders
• Perform manual application and API penetration testing based on OWASP Top 10 (mobile, web, API)

Minimum Requirements

• Proven experience in offensive security or ethical hacking
• Demonstrated history with bug bounty programs or CTF competitions
• Deep understanding of web technologies, cloud platforms, and modern infrastructure
• Ability to write and explain exploits or security PoCs clearly
• Strong report writing and communication skills

Required Tools and Platforms

Experience with at least one tool from each category is expected:

• Web Application Testing: Burp Suite, OWASP ZAP, Nmap
• Mobile Security: MobSF, Frida, Jadx, Objection, Genymotion, Android Studio
• Operating Systems & Scripting: Kali Linux, Parrot OS, custom scripts in Python, Bash, PowerShell
• API Testing: Postman