Penetration Tester (Ethical Hacker) at GVA Partners

Job Summary

• We are seeking a skilled and driven penetration tester with a hacker mindset to proactively Simulate real world attacks to identify, assess and exploit security vulnerabilities.
• You’ll be part of a fast-paced security team, expected to think like an adversary while maintaining ethical standards and compliance.
• You must be capable of both automated and manual testing, custom script writing, and producing detailed yet understandable reports.

Key Responsibilities

• Conduct black-box, gray-box, and white-box penetration tests on: Web apps, Mobile apps, APIs.
• Perform social engineering and phishing simulation campaigns
• Develop and execute custom exploits where necessary
• Document proof-of-concept exploits and provide risk-ranked findings
• Conduct red team exercises simulating advanced persistent threats (APT)
• Analyze security findings from Hacker One and recreate vulnerabilities
• Collaborate with developers, Appsec Team, DevOps, and product teams to provide remediation guidance
• Stay current on CVEs, exploits, hacker tools, and threat actor techniques (TTPs)
• Weekly updates and debriefs with stakeholders
• Manual Application and Api Penetration testing based on Owasp top 10 (Mobile,Web,Api).

Minimum Requirements

• Proven experience in offensive security or ethical hacking
• Demonstrated history with Bug Bounty programs or CTF competitions
• Deep understanding of web technologies, cloud platforms, and modern infrastructure
• Ability to write and explain exploits or security PoCs clearly
• Strong report writing and communication skills.

Tools and Platforms (it’s expected to have a knowledge of how to use at least one of each of the listed tools):

• Burp Suite, OWASP ZAP, Nmap,
• Mobile security tools: MobSF, Frida, jadx, Objection, genny motion, Andriod studio.
• Kali Linux, Parrot OS, custom scripts in Python, Bash, PowerShell.
• Postman, for API testing.

Security Standards & Compliance:

• OWASP Top 10 (Web, API, Mobile)
• CIS Benchmarks
• NIST 800-53, ISO/IEC 27001.

Preferred Qualifications:

• CEH, OSCP, OSCE, GPEN, or similar certifications
• Experience working in CI/CD environments and with DevSecOps teams
• Programming or scripting experience (Python, JavaScript, Nodejs, php, Go, Bash).