Senior Penetration Tester

ADACOM S.A.
is a leading Trust Services & Cyber Security Provider in EMEA.

For 25 years we deliver solutions for large Financial Institutions, Telecom companies, Utilities & Governmental Organizations and Multinationals in EMEA. You can review our corporate web site

A Senior Penetration Tester will play a pivotal role in conducting advanced penetration tests, identifying complex security vulnerabilities, and providing expert guidance to enhance the security posture of the clients' infrastructures. Leveraging their experience and expertise, they will lead penetration testing engagements, mentor junior team members, and collaborate with clients to develop tailored security solutions.

Responsibilities:

• Leading and executing penetration testing engagements across a wide range of client environments, including systems, networks, and applications.
• Conducting in-depth security assessments to identify vulnerabilities, misconfigurations, and weaknesses in client infrastructures.
• Utilizing advanced exploitation techniques and custom scripts to simulate real-world cyber attacks and assess the effectiveness of security controls.
• Analyzing and documenting findings from penetration tests, including detailed exploit reports, risk assessments, and recommendations for remediation.
• Providing expert guidance and technical support to clients during the remediation process, including prioritizing and implementing security controls and best practices.
• Developing and maintaining custom tools, scripts, and methodologies to enhance the efficiency and effectiveness of penetration testing activities.
• Collaborating with cross-functional teams, including security analysts, engineers, and developers, to identify and address security gaps throughout the software development lifecycle.
• Serving as a subject matter expert on penetration testing methodologies, tools, and best practices, both internally and externally.

Required experience & skills:

• Bachelor's degree in Computer Science, Information Security, Engineering or equivalent practical experience. Advanced degree is a plus but not required.
• Professional experience: 5+ years in offensive security / penetration testing, or equivalent.
• Proven track record leading and delivering medium-to-large scope engagements across multiple technology stacks.
• Deep technical expertise in:
• Web application attacks (OWASP Top 10, SSRF, RCE, deserialization, auth logic bugs).
• Network & host exploitation (Windows/Linux privilege escalation, AD/kerberos).
• Cloud security assessments (AWS, Azure, GCP concepts, IAM, misconfig, serverless/container assessments).
• API, mobile and thick-client testing.
• Post-exploitation, lateral movement and persistence techniques.
• StrongHands-on toolset: Burp Suite (Pro), nmap, Metasploit, Cobalt/Empire/Metasploit alternatives, sqlmap, Wireshark, BloodHound, PowerShell Empire / PowerView / SharpSploit, Frida, Ghidra/IDA or reverse engineering experience.
• Comfortable writing custom scripts/tools in at least one language (Python, Golang, PowerShell, Ruby).
• Experience with exploitation development or adapting public exploits.
• Strong reporting skills: ability to produce reproducible, prioritized findings and remediation steps.
• Excellent verbal communication and client-facing skills; ability to explain technical issues to non-technical stakeholders.
• Strong problem-solving mindset and intellectual curiosity.
• High integrity and adherence to ethical/legal standards.
• Ability to work independently and lead small teams.
• Client-oriented, professional demeanor and project management capabilities.
• Comfortable in high-pressure or ambiguous environments.

Certifications (preferred):

• Offensive certifications such as OSCP, OSCE, OSWE, OSEP, CREST CRT, eLearnSecurity Pentest+, or equivalent.
• Cloud certifications (AWS Certified Security, Azure Security Engineer, GCP Professional Cloud Security) are a plus.
• ISC2/CISSP or other governance certifications are a plus but not required.

What we offer

• Private Health Insurance
• Private Pension Plan
• Training & Development
• Performance Bonus
• Laptop
• Phone - Mobile Plan