What are the responsibilities and job description for the Penetration Tester position at Innovien Solutions?
Job Description:
This Penetration Tester will perform comprehensive, end-to-end security assessments across applications, networks, cloud environments, and enterprise infrastructure. They’ll identify vulnerabilities, misconfigurations, and exploitable weaknesses through hands-on testing, threat modeling, exploitation, and post-exploitation activities. The role also includes delivering clear, actionable remediation guidance to both technical and non-technical stakeholders while partnering with engineering teams to strengthen overall security posture.
- 3 years of hands-on penetration testing or offensive security experience, specifically conducting real-world assessments on web applications
- Strong knowledge of web application security (OWASP Top 10, API vulnerabilities); network and infrastructure security (routing, segmentation, privilege escalation); and operating system internals/misconfigurations across Windows and Linux
- Hands-on experience with Burp Suite for daily web application testing, and experience with tools such as Nmap, Metasploit, Nessus, Wireshark, SQLmap, Hydra, BloodHound, or similar
- Excellent documentation and client-facing communication skills
- OSCP, eJPT, CEH, GPEN, HTB CPTS or similar offensive security certifications
- Cloud or DevSecOps certifications
- Scripting ability in Python, PowerShell, or Bash for custom exploitation or automation
- Execute comprehensive penetration tests on diverse environments including:
  - Internal and external networks
  - APIs and cloud-hosted services (AWS, Azure, GCP)
  - Infrastructure components, Active Directory, and enterprise systems
- Perform threat modeling, exploitation, and post-exploitation activities to determine true business impact
- Assess both technical and procedural security controls, validating configurations and identifying weaknesses in authentication, authorization, and data protection
- Develop and maintain custom scripts, payloads, and automation tools to enhance testing depth and efficiency
- Produce detailed technical reports with risk ratings, reproduction steps, and practical mitigation recommendations
- Deliver executive summaries and presentations that translate technical findings into business risk terms
- Collaborate with engineering, development, and security teams to support remediation and retesting efforts
- Stay informed on emerging vulnerabilities, exploits, and security frameworks, integrating new techniques into testing methodologies
- Contribute to the ongoing refinement of internal testing standards, playbooks, and templates