We are redirecting you to the source. If you are not redirected in 3 seconds, please click here.

Penetration Tester at ICE Consulting. Job Overview. We are looking for a motivated and skilled . Penetration Tester with. hands-on experience in . Active Directory, Network, and Web Application penetration testing. . The ideal candidate should be able to identify security vulnerabilities, misconfigurations, and weaknesses across enterprise environments and provide actionable recommendations to improve the organization's security posture.. In addition to traditional penetration testing, the candidate will participate in purple-team. exercises. , collaborating with defensive teams to simulate real-world attack scenarios and strengthen detection and response capabilities. An interest in . SOC operations, monitoring, and threat detection. will be considered a strong advantage.. . . Key Responsibilities. Perform . Active Directory penetration testing. to identify privilege escalation paths, insecure configurations, and potential lateral movement opportunities.. Conduct . internal and external network penetration tests. to identify vulnerabilities and weaknesses within the enterprise infrastructure.. Perform . web application penetration testing,. including authentication testing, input validation, session management, and business logic testing.. Identify and analyze . security misconfigurations across systems, services, and network infrastructure. .. Conduct . security audits and configuration reviews. to identify gaps against security best practices and industry standards.. Perform . risk assessments. by evaluating vulnerabilities, misconfigurations, and their potential business impact.. Document . security findings, misconfigurations, and vulnerabilities. with clear risk ratings and remediation guidance.. Participate in . purple team engagements. by simulating attacker techniques and helping SOC teams improve detection and response capabilities.. Support . threat simulation exercises. based on real-world attack techniques and frameworks such as MITRE ATT&CK.. Work closely with SOC and defensive teams to improve . alerting, monitoring, and threat detection use cases. .. Assist in validating remediation efforts by performing . retesting and verification of fixes. .. Prepare . technical and executive-level reports. summarizing findings, risks, and recommended mitigation strategies.. . . Required Skills & Experience. • Hands-on experience in . Active Directory security assessments and penetration testing. • Strong knowledge of . network penetration testing methodologies. • Experience in . web application security testing (OWASP Top 10). • Understanding of . security configuration reviews and misconfiguration analysis. • Experience performing . vulnerability validation and risk analysis. • Hands-on experience with tools such as:. Nmap. Burp Suite. Metasploit. BloodHound. Impacket. CrackMapExec. • Strong understanding of . Windows security architecture and AD attack techniques. • Knowledge of . network protocols, authentication mechanisms, and common attack vectors. . Nice to Have. Experience with . Purple Team exercises. Exposure to . SOC operations, SIEM platforms, or security monitoring. Familiarity with . MITRE ATT&CK framework. Scripting knowledge (Python, PowerShell, Bash). Exposure to . cloud security assessments (Azure / AWS). . Preferred Certifications (Optional). PNPT. eCPPT. GPEN / GWAPT. . . Soft Skills. Strong analytical and problem-solving mindset. Ability to clearly communicate technical risks and remediation steps. Good documentation and reporting skills. Ability to collaborate with both offensive and defensive security teams. Strong curiosity and passion for . continuous learning in cybersecurity. Company Location: Pakistan.