Sr. Penetration Tester

We are seeking a highly skilled Penetration Testing Engineer to join our cybersecurity team. The ideal candidate will perform complex security assessments, across infrastructure, applications, and cloud environments for internal as well as external clients. The ideal candidate will simulate real-world cyber-attacks to identify exploits/vulnerabilities and generate a report with those findings to share with internal team as well external clients. This role requires deep technical expertise, strong communication skills, and the ability to mentor junior team members.Key AccountabilitiesCapability DevelopmentSupport the organization’s cybersecurity strategy by identifying emerging threats, attack trends, and vulnerabilities across web, mobile, network, and cloud environments.Contribute to the development and enhancement of penetration testing methodologies, frameworks, and security standards.Provide strategic insights to leadership on improving the organization’s overall security posture.Align penetration testing activities with risk‑management priorities and business objectives.Participate in security architecture discussions to ensure new systems and applications are designed securely.Establish testing standards, methodologies, and quality frameworks mapped to NIST, OWASP, PTES, and ISO 27001.Build and mature red teaming, adversary simulation, and purple teaming program.Lead adoption of continuous and autonomous penetration testing capabilities to improve coverage and efficiency.Define KPIs, SLAs, and ROI metrics for penetration testing within managed security services.Contribute to SOC detection engineering improvement by validating controls through offensive simulations.FunctionalPerform penetration testing across multiple domains: web applications, mobile applications (Android/iOS), internal and external networks, wireless networks, APIs, and cloud services; source code review; red teaming / purple teaming; and tabletop exercises.Conduct vulnerability assessments and exploit validation using industry‑standard tools and manual techniques.Identify security weaknesses, misconfigurations, insecure coding practices, and potential attack paths.Prepare detailed technical reports with findings, risk ratings, and actionable remediation recommendations.Validate fixes and perform re‑testing to ensure vulnerabilities are properly addressed.Support incident response teams with exploitation insights and threat‑actor simulation knowledge.OperationsPlan, execute, and document penetration testing engagements in accordance with approved scopes and timelines.Ensure all testing activities follow internal policies, legal guidelines, and ethical standards.Coordinate with application owners, infrastructure teams, and project managers to schedule testing windows.Maintain accurate logs, evidence, and documentation for audit and compliance purposes.Assist in continuous improvement of security tools, processes, and automation for testing workflows.Track remediation progress and collaborate with stakeholders to ensure timely closure of vulnerabilities.PeopleCollaborate effectively with cross‑functional teams including development, infrastructure, SOC, and compliance teams.Provide guidance and mentorship to junior penetration testers or security analysts.Conduct knowledge‑sharing sessions, workshops, or awareness programs on secure coding and common vulnerabilities.Communicate complex technical issues in a clear, understandable manner to both technical and non‑technical audiences.Foster a culture of security awareness and proactive risk management across the organization.ConfidentialityEnsure non‑disclosure of confidential information to anyone within or outside the Authority, during or after employment at Moro.SafetyFollow and adhere to the QH&S Management System Manual as per the Data Hub’s safety standards.Business StrategyEnsure penetration testing activities support business continuity, regulatory compliance, and customer trust.Provide insights that help reduce business risk and strengthen resilience against cyber threats.Contribute to cost‑effective security improvements by prioritizing vulnerabilities based on business impact.Support audit, compliance, and certification efforts (ISO 27001, PCI DSS, etc.) by providing testing evidence and reports.Help the organization maintain a strong security posture that aligns with its long‑term business goals.Qualifications, Experience & SkillsQualification: Bachelor’s degree in computer science, cybersecurity, information security, or a related field.Advanced certifications preferred: OffSec – OSEP (Experienced Penetration Tester), OffSec – OSWE (Web Expert), OffSec – OSCP (Offensive Security Certified Professional), CREST – CCT INF (Infrastructure), CREST – CCT APP (Applications), CRT (CREST Registered Tester).CEH (Practical) – Certified Ethical Hacker, EC-Council: LPT (Master) or EC-Council: ECSA (Certified Security Analyst).Additional cloud or security certifications are a plus (e.g., A