About us:
Skill Quotient Technologies is a global leader in delivering transformative IT solutions, committed to empowering businesses in the digital era since its inception in 2016. Specializing in Cloud Services & Management, Cyber Security, Applications Development, Enterprise Solutions, Process Automation, Data Engineering, Software Testing, Staff Augmentation, and Project and Product Management, Skill Quotient provides cutting-edge services tailored to meet diverse industry needs. Its dedicated cybersecurity division, SecurePlex, has achieved prestigious recognition, including being named Cyber Security Company of the Year 2025 by the Malaysia Cyber Security Awards. With a global presence across the USA, Saudi Arabia, Malaysia, Singapore, UAE, and India, Skill Quotient emphasizes quality, security, and innovation, underscored by ISO 27001:2013, CREST, and CMMI-DEV ML 3 certifications.

Key Responsibilities / Deliverables
1. Penetration Testing with clear scope boundaries that include, but are not limited to:
a. Authorized Targets: Systems, applications, APIs, cloud services, infrastructure components, and IP ranges formally approved for testing.
b. Constraints: Testing must be non-destructive, with no disruption to production systems unless explicitly authorized.
c. Business Context: Testing targets and depth of engagement shall be based on risk profile, business criticality, and recent changes (e.g. system onboarding, major releases).
d. Testing Methodologies: Must align with industry best practices such as OWASP, NIST SP 800-115, OSSTMM, and PTES.

2. Key Engagement Components

2.1 Rules of Engagement (RoE)
- Define and agree on authorized systems, testing windows, exclusions, and notification processes.
- Agree on permissible attack vectors, tools, and techniques.
- Ensure all activities comply with legal, ethical, and internal policies of the client.
- Emergency contacts, escalation paths, and stop-testing procedures must be documented.

2.2 Reconnaissance
- Perform both passive and active reconnaissance to gather intelligence about the client's assets.
- Activities include:

i. Domain and subdomain enumeration
ii. WHOIS, DNS, Shodan lookups
iii. Employee OSINT (where in scope)
iv. Banner grabbing and service enumeration

2.3 Vulnerability Scanning
Use a combination of automated and manual tools to identify:
i. Misconfigurations
ii. Unpatched software
iii. Insecure services
iv. Exposure to known vulnerabilities (e.g., CVEs, OWASP Top 10)

2.4 Exploitation 
Attempt to safely exploit identified vulnerabilities using:
 - Proof-of-concept (PoC) exploits
 - Custom scripts
 - Commercial and open-source exploitation frameworks (e.g., Metasploit, Burp, etc.)
 - Exploits must be limited to confirming impact, avoiding service disruption.

2.5 Network Mapping and Exploitation
 - Map the network topology and identify: Entry points, segmentation boundaries, trust zones
 - Exploit network-level vulnerabilities including:
   - Insecure protocols
   - Weak or default credentials
   - Firewall misconfigurations
   - SMB, RDP, and LDAP weaknesses

2.6 Web Application Testing
Assess web applications and APIs for:
- Injection flaws (SQLi, XSS, OS command)
- Broken authentication and access controls
- Insecure deserialization, CSRF
- OWASP API Top 10 vulnerabilities
- Include both authenticated and unauthenticated testing where credentials are provided.

2.7 Mobile Application Testing
- Analyze Android and iOS apps using both static and dynamic techniques.
- Evaluate:
  - Insecure local data storage
  - Poor API handling and communication
  - Reverse engineering and code obfuscation issues

3. Documentation and Reporting
3.1 Findings Documentation
Provide detailed reports that include:
- Vulnerability name, description, affected assets
- Evidence and screenshots of exploitation (where applicable)
- CVSSv3 score, CWE reference
- Business impact and likelihood
- Attack paths and chaining analysis (where applicable)

3.2 Executive Summary
Business-focused summary report highlighting:
- Top risks
- Trends and systemic issues
- Recommendations for strategic remediation

3.3 Remediation Guidance
Provide:
- Actionable remediation steps
- Secure configuration references
- Risk mitigation strategies aligned to best practices

4. Retesting and Verification
- Perform one round of free retesting post-remediation for critical and high-severity findings.
- Provide confirmation of closure for remediated issues.

5. Tools and Techniques
Permitted tools (based on agreed scope) may include but are not limited to:
- Reconnaissance: Shodan, Amass, Recon-ng
- Scanning: Nmap, Qualys, Burp Scanner
- Exploitation: Metasploit, SQLmap, custom scripts
- Web App: Burp Suite Pro, OWASP ZAP, Postman
- Mobile: MobSF, JADX, Frida

Tools and custom payloads must be reviewed for safety before use.

Requirements and Certifications
Technical Expertise:
1. Strong experience in penetration testing, Red Teaming, and adversary simulation.
2. Deep understanding of Windows, Linux, Active Directory, and cloud security (Azure, AWS).
3. Proficiency with C2 frameworks (e.g. Cobalt Strike, Mythic, Havoc, Sliver).
4. Hands-on experience with privilege escalation, Kerberos attacks (e.g., Pass-the-Ticket, Golden Ticket), and lateral movement techniques.
5. Familiarity with Evasion & OPSEC techniques (EDR/SIEM bypass, AMSI evasion, obfuscation).
Tooling & Scripting:
1. Experience with Metasploit, BloodHound, Covenant, Mimikatz, Responder, CrackMapExec.
2. Strong scripting in Python, PowerShell, Bash, or C# for custom tool development.
3. Familiarity with offensive security tool development and malware evasion tactics.

Certifications (Optional):
1. OSCP
2. CRTP
3. CRTE
Soft Skills:
1. Strong problem-solving and creative attack mindset.
2. Ability to work independently and collaborate with security teams.
3. Excellent documentation and reporting skills.

Job Category: Cybersecurity
Job Type: Contract
Job Location: Malaysia
Experience Level: Mid-Level
