We are looking for a highly skilled Senior Penetration Tester to lead and execute complex security assessments against our digital assets. You will conduct advanced penetration tests, red team exercises, and vulnerability assessments across infrastructure, applications, cloud, and networks. Your work will directly strengthen our defense posture by uncovering weaknesses before threat actors do.
You’ll collaborate closely with blue teams, developers, and system architects to provide actionable insights and guide remediation efforts.
Key Responsibilities
- Conduct advanced penetration tests against web/mobile applications, internal/external networks, APIs, cloud environments, and physical systems.
- Lead red team engagements, social engineering campaigns, and simulated APTs.
- Develop detailed and professional reports outlining vulnerabilities, attack paths, risk ratings, and remediation recommendations.
- Perform threat modeling and reconnaissance to support testing objectives.
- Assess the security of cloud-based infrastructure (AWS, Azure, GCP).
- Collaborate with blue teams to enhance detection and response (purple teaming).
- Automate repetitive tasks and develop custom tools or exploits when necessary.
- Stay current with TTPs, 0-days, and adversarial techniques (MITRE ATT&CK, OWASP, etc.).
- Mentor junior pentesters and contribute to team capability building.
Required Qualifications
- 5–10+ years of experience in cybersecurity, with 3+ years focused on penetration testing or red teaming.
- Strong knowledge of common vulnerabilities (OWASP Top 10, CVEs, etc.) and exploitation techniques.
- Hands-on experience with tools such as Burp Suite, Metasploit, Nmap, Cobalt Strike, BloodHound, Empire, etc.
- Proficiency in scripting languages (Python, Bash, PowerShell) for automation or exploit development.
- Experience with Linux, Windows, and cloud platform security assessments.
- Excellent report writing and communication skills — ability to clearly present technical findings to both technical and non-technical audiences.
Preferred Certifications
- OSCP (Offensive Security Certified Professional) – strongly preferred
- OSCE / OSEP / OSWE / OSEE – a major plus
- CRTP / CRTE / CRTO / PNPT / GPEN / GXPN
- CPT / CEH (Practical) – accepted but must be backed by demonstrable skills
About Company
The name Payatu is derived from kalaripayattu, one of the oldest martial arts in the world, still in existence, that originated in Kerala, a state found along the southwestern coast of India. Kalaripayattu is a combination of two words – Kalari meaning school, gym, battleground, etc., and payattu, which means to practice, exercise, etc. Why did we choose the name Payatu?
The primary factors in choosing the name were our roots and vision:
- Roots – We are proud to be part of one of the oldest and most influential cultures on earth.
- Vision – We always look ahead, which means applying our learning to safeguard the future of cyberspace and being remembered, in the future, as one of the oldest cybersecurity companies still in existence, at the forefront of securing future technology.
This gave birth to Payatu (without a double t) as you know it today. We exercise our learning and passion for cybersecurity to safeguard the future of technology.