Sr. Penetration Tester

We are seeking a highly skilled Penetration Testing Engineer to join our cybersecurity team. The ideal candidate will perform complex security assessments, across infrastructure, applications, and cloud environments for internal as well as external clients. The ideal candidate will simulate real‑world cyber‑attacks to identify exploits/vulnerabilities and generate a report with those findings to share with internal team as well external clients.

This role requires deep technical expertise, strong communication skills, and the ability to mentor junior team members.

• Support the organization’s cybersecurity strategy by identifying emerging threats, attack trends, and vulnerabilities across web, mobile, network, and cloud environments.
• Contribute to the development and enhancement of penetration testing methodologies, frameworks, and security standards.
• Provide strategic insights to leadership on improving the organization’s overall security posture.
• Align penetration testing activities with risk‑management priorities and business objectives.
• Participate in security architecture discussions to ensure new systems and applications are designed securely.
• Establish testing standards, methodologies, and quality frameworks mapped to NIST, OWASP, PTES, and ISO 27001.
• Build and mature red teaming, adversary simulation, and purple teaming program.
• Lead adoption of continuous and autonomous penetration testing capabilities to improve coverage and efficiency.
• Define KPIs, SLAs, and ROI metrics for penetration testing within managed security services.
• Contribute to SOC detection engineering improvement by validating controls through offensive simulations.

• Perform penetration testing across multiple domains:

• Conduct vulnerability assessments and exploit validation using industry‑standard tools and manual techniques.
• Identify security weaknesses, misconfigurations, insecure coding practices, and potential attack paths.
• Prepare detailed technical reports with findings, risk ratings, and actionable remediation recommendations.
• Validate fixes and perform re‑testing to ensure vulnerabilities are properly addressed.
• Support incident response teams with exploitation insights and threat‑actor simulation knowledge.

• Plan, execute, and document penetration testing engagements in accordance with approved scopes and timelines.
• Ensure all testing activities follow internal policies, legal guidelines, and ethical standards.
• Coordinate with application owners, infrastructure teams, and project managers to schedule testing windows.
• Maintain accurate logs, evidence, and documentation for audit and compliance purposes.
• Assist in continuous improvement of security tools, processes, and automation for testing workflows.
• Track remediation progress and collaborate with stakeholders to ensure timely closure of vulnerabilities.

• Collaborate effectively with cross‑functional teams including development, infrastructure, SOC, and compliance teams.
• Provide guidance and mentorship to junior penetration testers or security analysts.

• Conduct knowledge‑sharing sessions, workshops, or awareness programs on secure coding and common vulnerabilities.
• Communicate complex technical issues in a clear, understandable manner to both technical and non‑technical audiences.
• Foster a culture of security awareness and proactive risk management across the organization.

• Confidentiality:
  Ensure non‑disclosure of confidential information to anyone within or outside the Authority, during or after employment at Moro.
• Safety:
  Follow and adhere to the QH&S Management System Manual as per the Data Hub's safety standards

• Ensure penetration testing activities support business continuity, regulatory compliance, and customer trust.
• Provide insights that help reduce business risk and strengthen resilience against cyber threats.
• Contribute to cost‑effective security improvements by prioritizing…