Back to Jobs
BDO RISE is hiring - Network Penetration Tester - Senior/AM/Manager
Actively Reviewing
BDO RISE
Job Description
Job Duties:
- Executes client penetration testing and vulnerability assessment engagements across external and internal networks, Active Directory, web applications, APIs, cloud platforms, and Microsoft 365, including reconnaissance, attack surface discovery, and service
- enumeration Uses offensive security tools and techniques to identify, validate, and demonstrate exploitability, including Kali Linux toolchain, Nessus/Tenable, Nmap, Burp Suite, Metasploit, and BloodHound, and validates exploitability end to end for High and Critical findings and when feasible for other findings.
- Performs authenticated testing when appropriate by coordinating access approvals, applying least privilege, safeguarding secrets, and confirming access removal or rotation at engagement close out.
- Performs web and API security testing using Burp Suite and related techniques, focusing on authentication, session management, access control, injection, insecure deserialization, and business logic, and documents reproducible steps and payloads for remediation and retesting
- Evaluates AI-enabled applications and LLM integrations for common risks (for example, prompt injection, sensitive data exposure, insecure output handling, and tool or function calling abuse) and provides practical mitigation guidance aligned to OWASP Top 10 for LLM Application
- Supports scoping and delivery under the direction of an assigned Project Manager by documenting objectives and rules of engagement, coordinating technical logistics with client teams, providing timely status updates across concurrent engagements, and ensuring testing is performed safely within approved scope
- For internal and Active Directory engagements, maps and demonstrates feasible attack paths, for example, using BloodHound or equivalent, including privilege escalation and lateral movement, validates root causes in configuration and permissions, and provides actionable remediation
- Maintains thorough, reproducible workpapers and evidence with appropriate data protection practices, participates in peer review and quality assurance, and escalates critical findings quickly to support timely mitigation
- Produces high-quality client deliverables, including test plans, technical reports, and executive readouts, with clear evidence, proof-of-exploit artifacts, risk ratings, reproduction steps, and prioritized remediation recommendations, and facilitates results discussions and remediation workshop
- Facilitates red team style engagements in collaboration with client SOC teams by coordinating deconfliction, leveraging SIEM telemetry to validate detection and response, and supporting threat hunting and purple team activities tied to observed attacker behavior
- Performs validation and retesting to confirm remediation effectiveness and documents retest results for client stakeholders
- Builds and maintains internal offensive security tooling, scripts, and reusable testing components, including automation and agent-based utilities, to improve assessment repeatability and quality. Contributes through Git workflows, pull requests, and code revie
Qualifications, Knowledge, Skills, and Abilities
Education
- Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related field, preferred (or equivalent experience
Experiene
- Four (4) or more years of hands-on penetration testing and security assessment experience (network, web, API, wireless, cloud, and/or Microsoft 365), including scoping, execution, reporting, and client presentations, required
- Demonstrated experience producing professional services deliverables (test plans, technical reports, executive summaries) and communicating complex technical issues to non-technical stakeholders, required
- Experience testing AI-enabled applications (including LLM-based features) and familiarity with emerging guidance such as OWASP Top 10 for LLM Applications, preferred
- Experience supporting social engineering assessments, such as phishing, vishing, baiting, and tailgating, preferred
- Strong fundamentals in Windows and Linux administration, TCP/IP networking, and DNS, required.
- Hands-on experience administering and troubleshooting Active Directory in enterprise environments, including users and groups, group policy, permissions, and DNS integration, plus foundational knowledge of authentication protocols and identity flows such as Kerberos, NTLM, SAML, OAuth 2.0, and OpenID Connect, required.
- Experience working with SIEM platforms and core SOC workflows, including basic threat hunting and alert triage to validate detections during red team or purple team activities, preferred
- Hands-on experience with scripting/automation and light tool development to improve testing efficiency and repeatability (e.g., Python, PowerShell, Bash), required
- DevOps and engineering fundamentals, including Git version control, pull request workflows, and exposure to CI/CD and containers (for example, GitHub Actions, Azure DevOps pipelines, Docker), preferred
- Experience conducting internal network and Active Directory penetration tests, including attack path mapping (for example, using BloodHound or equivalent), privilege escalation, lateral movement, and prioritized remediation guidance, preferred
- Three (3) or more years of experience supporting IT Penetration and Security projects such as PTES, OWASP, SANS, or other cyber security frameworks, preferred
- Experience working within a national consulting organization or professional services, prefer
Software
- Proficient in the use of Windows and Microsoft Office Suite, specifically Word, Excel, and PowerPoint, required.
- Proficient with offensive security and assessment toolsets (e.g., Kali Linux toolchain, Burp Suite, Metasploit, Nmap, Nessus/Tenable, and common AD assessment tooling such as BloodHound), including scan configuration/tuning, manual verification, and evidence collection, required.
- Familiarity with SIEM tooling and log investigation workflows (for example, Splunk and Microsoft Sentinel) to support validation of detection and response during engagements, preferred
- Proficient with Git-based source control and collaboration platforms (for example, GitHub), including branching, pull requests, and peer review, required
- Experience using AI-assisted development tools (for example, GitHub Copilot and Claude Code) to accelerate scripting and tool development, with the ability to use these tools responsibly without exposing client confidential data or sensitive credentials, preferred
- Experience with cloud platforms and identity/security services (e.g., Microsoft Azure and Microsoft 365) and the ability to script/automate tasks (e.g., Python, PowerShell, Bash), preferred
- Familiarity with AI/LLM security testing approaches and tooling (e.g., structured prompt testing, abuse-case libraries, and API-driven test harnesses) and the ability to use AI-assisted tooling responsibly without exposing client confidential data, preferred.
Required Skills
Similar Jobs
View all →
Cloud Engineer
WNS
Gurgaon
Session management
REST API
Adobe Illustrator
+16
Manager - Customer Interaction Suite - Customer Interaction Suite
Tata Communications
Pune
Project Management
REST API
Adobe Illustrator
+21
Cybersecurity Engineer
Datamatics Technologies
Bengaluru
Compliance frameworks
ISO 27001
Prisma
+14
Database Administrator
Datamatics Technologies
Bengaluru
Capacity Planning
Vertex AI
Query optimization
+21
DE-Platform Engineer Senior-VG-F02
EY
Hyderabad
Red Hat
Adobe Illustrator
Java
+26
Similar Jobs
View all →
Cloud Engineer
WNS
Gurgaon
Manager - Customer Interaction Suite - Customer Interaction Suite
Tata Communications
Pune
Cybersecurity Engineer
Datamatics Technologies
Bengaluru
Database Administrator
Datamatics Technologies
Bengaluru
DE-Platform Engineer Senior-VG-F02
EY
HyderabadShare
Quick Apply
Upload your resume to apply for this position
–