Senior Penetration Tester – Infrastructure, Platform & Backend
Job descriptions & requirements
About the Role
We are looking for an experienced Senior Penetration Tester to lead offensive security testing across our cloud-hosted digital banking platform. In this role, you will identify, validate, and exploit security vulnerabilities across cloud infrastructure, Kubernetes environments, backend services, APIs, CI/CD pipelines, and banking integrations.
Working closely with the Cyber Security leadership team, you will provide technical expertise that strengthens our security posture, influences remediation priorities, and helps ensure our platforms meet the highest security standards.
Key Responsibilities
- Plan and execute penetration tests across cloud infrastructure, networks, and backend systems.
- Assess the security of AWS cloud environments, Kubernetes clusters, IAM configurations, VPNs, firewalls, and network segmentation.
- Perform API security testing, including authentication, authorization, encryption, and injection testing.
- Evaluate CI/CD pipelines, container security, infrastructure-as-code, and software supply chain controls.
- Conduct database and infrastructure security assessments.
- Perform assumed-breach and lateral movement exercises.
- Produce detailed penetration testing reports with risk ratings, proof-of-concept evidence, and remediation recommendations.
- Present findings to technical and executive stakeholders.
- Validate remediation efforts through retesting.
Required Qualifications
Experience
- Minimum 5 years of hands-on penetration testing experience.
- At least 3 years focused on:
- AWS cloud security
- Kubernetes security
- CI/CD pipeline security
- Infrastructure penetration testing
Technical Skills
Strong experience with:
- AWS Security Services
- Kubernetes Security
- API Security Testing
- Network Security
- VPN Security
- Container Security
- Infrastructure-as-Code security
- OWASP Testing Methodologies
Experience using tools such as:
- Burp Suite Professional
- Nmap
- Metasploit
- Nuclei
- kubectl
- AWS CLI
- Checkov
- Trivy
- Python or Go scripting
Certifications
Required
- Offensive Security Certified Professional (OSCP)
Highly Preferred
- Offensive Security Experienced Penetration Tester (OSEP)
- AWS Certified Security – Specialty
- Certified Kubernetes Security Specialist (CKS)
- Certified Kubernetes Application Developer (CKAD)
- GIAC Penetration Tester (GPEN)
Preferred Experience
- Financial Services, Banking, or FinTech environments
- PCI-DSS and ISO 27001
- Payment platform security
- Cloud WAF security
- Runtime security tools (Falco, Tetragon, Groundcover)
- Red Team engagements
- Multi-cloud environments
What We're Looking For
We're looking for someone who:
- Demonstrates deep technical expertise in offensive security.
- Can identify complex vulnerabilities beyond automated scanning.
- Produces high-quality technical reports for both technical and executive audiences.
- Exercises sound judgment when handling critical security findings.
- Maintains the highest standards of professionalism and integrity.
- Stays current with emerging attack techniques and threat intelligence.
<
Important safety tips
- Do not make any payment without confirming with the Jobberman Customer Support Team.
- If you think this advert is not genuine, please report it via the Report Job link below.