Intermediate Penetration Tester

Established in 2006, CyberClan’s carefully selected team of experts are capable of solving complex cybersecurity challenges – keeping data secure and businesses running as usual. CyberClan’s Global Incident Response Teams are available 24/7/365 to leap into action, responding to all cyber-attacks with proven defensive methodology, quickly identifying, containing, eradicating and recovering from an attack. Our goal is to get businesses fully operational as quickly as possible and to further prevent any downtime or impact to the business operations. Summary / Objective The Intermediate Penetration Tester plays a critical role in fortifying client cybersecurity environments through advanced offensive testing and advisory services. This individual is responsible for uncovering vulnerabilities in corporate networks, web and mobile applications, APIs, cloud infrastructure, and internal systems using a blend of manual techniques and automated tools. This role includes providing strategic remediation guidance to stakeholders, enhancing organizational security posture, and contributing to the continuous evolution of penetration testing methodologies. The ideal candidate combines technical excellence with leadership and communication skills to deliver high-impact engagements and drive customer success. Essential Functions Plan and execute penetration tests on web applications and APIs, internal and external network infrastructure, and cloud environments (AWS, Azure, GCP). Identify and exploit vulnerabilities using manual techniques and automated tools. Conduct reconnaissance, vulnerability scanning, and exploitation phases of engagements. Perform basic social engineering assessments (e.g., phishing simulations). Document findings with clear risk impact and remediation recommendations. Collaborate with clients to understand their environments and tailor assessments accordingly. Stay current with emerging threats, vulnerabilities, and attack techniques. Participate in post-assessment debriefs and support remediation planning. Required Skills, Experience, and Qualifications Bachelor’s degree in computer science, Cybersecurity, Information Technology, or a related field. 2‑4 years of hands‑on experience conducting offensive security assessments, web and mobile application testing, API and backend system penetration testing, and on‑site physical security evaluations. Proficiency in both Windows and UNIX/Linux operating systems. Deep understanding of networking protocols (TCP/IP, UDP, ICMP, DNS) and enterprise architecture. Basic familiarity with cloud platforms (AWS, Azure, GCP) and their security models. Skilled in using tools such as Kali Linux, Parrot OS, Burp Suite, Cobalt Strike, Metasploit, Nmap, Nessus, and others. Strong verbal and written communication skills for documenting findings and presenting to stakeholders. Preferred Skills and Certifications One or more certifications: OSCP, OSCE, CREST, GIAC GPEN/GWAPT/GXPN, or equivalent. Strong organizational skills to triage, prioritize, and document technical findings. Ability to think critically and creatively in dynamic, high‑pressure environments. Experience working independently and collaboratively across remote and onsite teams. Familiarity with physical security hardware, RFID/NFC technology, and access control systems. Job Type Full‑time/Exempt Location 100% Telecommuting % of Travel Required Up to 50% – Domestic and international travel may be required for physical testing, red team assessments, and client engagements. Physical Requirements Prolonged periods of sitting at a desk and working on a computer. Equal Opportunity Statement CyberClan is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status. #J-18808-Ljbffr