Senior Analyst - Penetration Tester

Job description

JOB DESCRIPTION: Job Title: Senior Analyst - Penetration Tester Location: Hybrid (2 days in the office) Type: Full Time: Role overview: We are looking for a Senior Penetration Tester to lead testing across web applications, APIs, cloud services (Azure, AWS, GCP) and internal environments. You’ll work closely with AppSec, cloud, vulnerability, and threat hunting teams, using Veracode and Burp as core tools and following up with deep manual testing. The role includes occasional planned evening and weekend work for production testing, with comp days so your week still averages ~40 hours / 5 days. Key responsibilities: - Lead penetration tests for web and API applications, including modern JavaScript apps, WordPress and Apache-based services. - Use Veracode SAST/DAST and Burp Suite to identify issues, then perform manual testing to uncover logic, authorization, and high-impact vulnerabilities. - Test Azure, AWS and GCP environments using tools like ScoutSuite, Prowler, Pacu (or similar) to find misconfigurations and escalation paths. - Assess Active Directory and Azure AD using BloodHound (and similar tools) to identify and validate attack paths. - Perform security testing of AI/ML/LLM...