Penetration Tester ? Cloud Security

Job Description

Penetration Tester ? Cloud Security Position: Security Engineer Department: Cybersecurity / Cloud Security Experience: 2?5 We are seeking an experienced cloud penetration tester to assess, exploit, and strengthen the security of our cloud environments (AWS, Azure, GCP). The role involves simulating real-world cyberattacks, identifying vulnerabilities, and delivering actionable remediation recommendations. Key Responsibilities ? Perform in-depth penetration testing on cloud infrastructures (AWS/Azure/GCP). ? Conduct cloud-specific vulnerability assessments and configuration reviews. ? Simulate cyber-attacks to identify weaknesses in cloud applications, networks, APIs, and IAM configurations. ? Evaluate cloud-native security controls (Security Groups, IAM roles, Key Management, WAF, CloudTrail, etc.). ? Test containerized and serverless environments (Docker, Kubernetes, Lambda, Cloud Functions). ? Identify misconfigurations, privilege escalation paths, insecure storage, authentication issues, and API exploits. ? Prepare detailed technical reports and executive summaries with remediation steps. ? Work with DevOps and Cloud teams to improve security posture and ensure secure architecture. ? Assist in threat modeling and secure design of new cloud features/services. ? Stay updated on modern cloud attack tools and techniques (e.g., Pacu, ScoutSuite, Prowler, KubeHound). ?? Skills & Qualifications ? Strong understanding of cloud platforms (AWS, Azure, GCP). ? Hands-on experience with cloud penetration testing tools: ? Pacu, ScoutSuite, Prowler, CloudBrute, Burp Suite, Metasploit, Nmap. ? Familiarity with cloud-native security concepts: ? IAM, VPC, S3, Key Management, Containers, Serverless, API Gateway, WAF, CloudTrail. ? Knowledge of network, API, and web application security. ? Solid understanding of cloud attack vectors: SSRF, misconfigurations, privilege escalation, credential theft, etc. ? Ability to produce high-quality penetration testing reports. ? Scripting skills (Python, PowerShell, Bash) for automation. ? Certifications preferred: OSCP, OSWE, CEH, CCSP, AWS Security Specialty, Azure Security Engineer. ? Preferred Personality Traits ? Strong analytical and exploit development mindset. ? Detail-oriented with the ability to think like an attacker. ? Strong communication skills for explaining findings. ? Continuous learner with curiosity about emerging cloud threats.