Senior Penetration Tester – Infrastructure, Platform & Backend

Heirs Technologies

Remote

About the Role

We are looking for an experienced Senior Penetration Tester to lead offensive security testing across our cloud-hosted digital banking platform. In this role, you will identify, validate, and exploit security vulnerabilities across cloud infrastructure, Kubernetes environments, backend services, APIs, CI/CD pipelines, and banking integrations.

Working closely with the Cyber Security leadership team, you will provide technical expertise that strengthens our security posture, influences remediation priorities, and helps ensure our platforms meet the highest security standards.


Key Responsibilities

  • Plan and execute penetration tests across cloud infrastructure, networks, and backend systems.
  • Assess the security of AWS cloud environments, Kubernetes clusters, IAM configurations, VPNs, firewalls, and network segmentation.
  • Perform API security testing, including authentication, authorization, encryption, and injection testing.
  • Evaluate CI/CD pipelines, container security, infrastructure-as-code, and software supply chain controls.
  • Conduct database and infrastructure security assessments.
  • Perform assumed-breach and lateral movement exercises.
  • Produce detailed penetration testing reports with risk ratings, proof-of-concept evidence, and remediation recommendations.
  • Present findings to technical and executive stakeholders.
  • Validate remediation efforts through retesting.


Required Qualifications

Experience

  • Minimum 5 years of hands-on penetration testing experience.
  • At least 3 years focused on:
  • AWS cloud security
  • Kubernetes security
  • CI/CD pipeline security
  • Infrastructure penetration testing

Technical Skills

Strong experience with:

  • AWS Security Services
  • Kubernetes Security
  • API Security Testing
  • Network Security
  • VPN Security
  • Container Security
  • Infrastructure-as-Code security
  • OWASP Testing Methodologies

Experience using tools such as:

  • Burp Suite Professional
  • Nmap
  • Metasploit
  • Nuclei
  • kubectl
  • AWS CLI
  • Checkov
  • Trivy
  • Python or Go scripting


Certifications

Required

  • Offensive Security Certified Professional (OSCP)

Highly Preferred

  • Offensive Security Experienced Penetration Tester (OSEP)
  • AWS Certified Security – Specialty
  • Certified Kubernetes Security Specialist (CKS)
  • Certified Kubernetes Application Developer (CKAD)
  • GIAC Penetration Tester (GPEN)

Preferred Experience

  • Financial Services, Banking, or FinTech environments
  • PCI-DSS and ISO 27001
  • Payment platform security
  • Cloud WAF security
  • Runtime security tools (Falco, Tetragon, Groundcover)
  • Red Team engagements
  • Multi-cloud environments

What We're Looking For

We're looking for someone who:

  • Demonstrates deep technical expertise in offensive security.
  • Can identify complex vulnerabilities beyond automated scanning.
  • Produces high-quality technical reports for both technical and executive audiences.
  • Exercises sound judgment when handling critical security findings.
  • Maintains the highest standards of professionalism and integrity.
  • Stays current with emerging attack techniques and threat intelligence.


How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.