Senior Penetration Tester

What you'll do

• Lead end-to-end penetration testing engagements: scoping, reconnaissance, exploitation, post-exploitation, and reporting
• Conduct web application assessments following OWASP methodology, with a focus on manual testing and business logic
• Perform network and infrastructure assessments, including Active Directory environments and cloud configurations
• Produce clear, actionable reports for both technical and executive audiences — without editorial hand-holding
• Present findings directly to client security and engineering teams
• Contribute to methodology development, internal tooling, and knowledge sharing across the team
• Support junior team members on complex engagements

What we're looking for

• 4+ years conducting penetration tests in a professional services or consultancy environment
• Strong proficiency with offensive tooling: Burp Suite Pro, Metasploit, Cobalt Strike, custom scripts
• Solid understanding of Active Directory attack paths, lateral movement, and privilege escalation
• Experience with web application testing — OWASP Top 10, API security, authentication flaws
• Ability to write high-quality, client-ready reports independently
• Professional working level in English; Spanish is an advantage
• Based in Europe (for client travel when required)

Nice to have

• OSCP, CRTE, CRTO, CPTS, or equivalent offensive certifications
• Experience with cloud environments (AWS, Azure, GCP) from an attacker perspective
• Social engineering or phishing simulation experience
• Familiarity with OT/SCADA security testing
• CVEs or public security research

What we offer

• Fully remote role within Europe, with occasional client travel
• A technically rigorous team — no padding, no checkbox mentality
• Exposure to diverse client environments across industries and European jurisdictions
• Direct impact on engagements from day one — no lengthy onboarding bureaucracy
• Competitive compensation commensurate with experience