**Overview:** We are looking for a highly capable and motivated Security Testing Supervisor to support and lead hands\-on penetration testing efforts across infrastructure, applications, and enterprise systems. This role involves executing detailed technical assessments, coordinating with cross\-functional teams, and contributing to the continuous improvement of the organizations offensive security capabilities. **Key Responsibilities:** * Perform hands\-on penetration testing and vulnerability assessments on: + Web applications, mobile apps (iOS/Android), cloud platforms, and internal networks + Active Directory and endpoint environments + APIs, firmware, and enterprise systems * Utilize industry\-standard security tools such as: + Burp Suite Pro, Nmap, Metasploit, Nessus, Acunetix, Cobalt Strike, etc. * Apply penetration testing frameworks and methodologies: + OWASP Top 10, MITRE ATT\&CK, PTES, NIST SP 800\-115 * Conduct manual exploitation and advanced techniques to simulate real\-world attacks and identify weaknesses in detection and response. * Participate in secure code reviews and security architecture assessments where required. * Document findings and deliver high\-quality technical reports and executive summaries. * Collaborate with application owners, developers, and infrastructure teams to ensure timely remediation and secure deployment. **Required Qualifications:** * Bachelors degree in Computer Science, Information Security, or a related technical discipline. * Minimum of **3\+ years** of experience in penetration testing, ethical hacking, or application security. * Proficiency in using offensive security tools and manual testing techniques. * Solid understanding of application, network, and mobile security principles. * Experience testing cloud environments and APIs is a strong advantage. **Preferred Skills \& Experience:** * Strong knowledge in using: + Burp Suite (Pro), OWASP ZAP, Metasploit, Nessus, Wireshark * Familiarity with scripting or automation in: Python, Bash, or PowerShell * Experience with secure development practices and DevSecOps principles * Exposure to mobile app testing tools and dynamic analysis * Knowledge of red teaming or threat emulation exercises is a plus **Certifications (Preferred):** * One or more of the following: + **OSCP**, **eWPT**, **GWAPT**, **GMOB**, **CEH**, **eMAPT**, **OSWE**, **CISSP** **Contrat** ----------- CDI