Senior Penetration Tester в Рходес Д.А. Бишкек

About Silent Breach

Silent Breach is a cybersecurity company specializing in penetration testing, offensive security, attack surface management, and security research. We help organizations identify and remediate vulnerabilities before they can be exploited by real-world attackers.

We are looking for a Senior Penetration Tester to join our team in Bishkek. This role is ideal for a hands-on security professional who can independently execute penetration testing engagements, contribute to security research initiatives, and support the development of internal security tools.

Responsibilities:

Penetration Testing

• Independently plan and execute penetration testing engagements from scoping through final reporting.
• Conduct web application, API, network, cloud, mobile, and infrastructure security assessments.
• Identify, validate, and exploit security vulnerabilities through manual testing techniques.
• Perform attack path analysis and assess real-world business impact.
• Conduct vulnerability verification and remediation validation.
• Develop professional, client-facing penetration testing reports with clear remediation guidance.
• Present findings and technical recommendations to clients when required.

Collaboration & Leadership

• Collaborate with junior penetration testers on larger engagements and provide technical guidance when needed.
• Work alongside remote security consultants and distributed testing teams.
• Contribute to internal methodologies, testing procedures, and knowledge-sharing initiatives.
• Participate in technical reviews of assessment findings and reports.

Security Research

• Conduct vulnerability research and offensive security experimentation.
• Stay current with emerging attack techniques, threat actor methodologies, and security trends.
• Participate in research related to vulnerability discovery, exploit development, and zero-day analysis.
• Contribute to internal research projects, blog content, and technical publications where applicable.

Internal Product Development

• Support the development and improvement of Silent Armor, Silent Breach's Attack Exposure Surface Management (AESM) platform.
• Perform occasional software development tasks, security-focused feature development, integrations, automation, and testing for internal products.
• Work closely with engineering and security teams to enhance product security capabilities and offensive security workflows.

Requirements:

• 5+ years of hands-on penetration testing or offensive security experience.
• Demonstrated ability to independently execute penetration testing engagements.
• Strong understanding of web application security, including the OWASP Top 10 and modern web attack techniques.
• Experience assessing APIs, authentication systems, and modern application architectures.
• Strong knowledge of networking, operating systems, and common enterprise environments.
• Experience with Linux and Windows security testing.
• Ability to clearly communicate technical findings in written reports.
• Strong analytical and problem-solving skills.
• Professional working proficiency in English.

Preferred Qualifications

• Experience with cloud security assessments (AWS, Azure, or GCP).
• Experience conducting Active Directory security assessments.
• Familiarity with red teaming methodologies and adversary emulation.
• Experience with exploit development, vulnerability research, or reverse engineering.
• Software development experience in Python, Go, JavaScript, C#, or similar languages.
• Experience contributing to open-source security projects.

Preferred Certifications

• CompTIA Security+
• CompTIA Network+
• CompTIA A+
• Cisco CCNA
• CompTIA CySA+
• GIAC Security Essentials (GSEC)
• CompTIA PenTest+
• CompTIA CASP+
• OSCP (Offensive Security Certified Professional)
• CEH (Certified Ethical Hacker)
• CISSP (ISC2)
• CISM (ISACA)
• CISA (ISACA)
• CRISC (ISACA)
• CCSP (ISC2)

Technical Skills

Experience with some of the following tools and technologies is preferred:

• Burp Suite Professional
• Nmap
• Metasploit
• BloodHound
• Impacket
• Wireshark
• Nessus
• ffuf
• Gobuster
• sqlmap
• NetExec / CrackMapExec
• Python
• Bash
• PowerShell
• Git
• Docker