Lead Penetration Tester - Cloud Security

About

Our client is seeking a highly skilled and experienced Lead Penetration Tester with specialized expertise in Cloud Security to join their elite, fully remote security team. This critical role involves conducting in-depth security assessments of cloud infrastructure, applications, and services to identify vulnerabilities and ensure robust protection against sophisticated threats. The ideal candidate will possess a deep technical understanding of cloud environments and a passion for offensive security.

Responsibilities

• Plan, execute, and lead complex penetration tests across various cloud platforms (AWS, Azure, GCP).
• Identify security vulnerabilities in cloud configurations, applications, APIs, containers, and infrastructure-as-code.
• Develop and utilize custom tools and scripts to automate security testing and analysis in cloud environments.
• Perform red team operations and adversarial simulations to assess the effectiveness of cloud security controls.
• Analyze test results, document findings, and provide actionable remediation recommendations to engineering and operations teams.
• Stay current with the latest cloud security threats, vulnerabilities, and attack vectors.
• Contribute to the development and refinement of cloud security best practices and testing methodologies.
• Mentor junior penetration testers and share knowledge across the security team.
• Collaborate with cloud engineering and security operations teams to improve security posture.
• Communicate technical findings clearly and concisely to both technical and non‑technical stakeholders.
• Maintain a strong understanding of compliance frameworks relevant to cloud security (e.g., SOC 2, ISO 27001).

Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
• 5+ years of experience in penetration testing, with a strong emphasis on cloud security assessments.
• Deep understanding of cloud security principles and services across AWS, Azure, and/or GCP.
• Proficiency in scripting languages such as Python, Bash, or PowerShell for tool development and automation.
• Hands‑on experience with cloud security tools and techniques (e.g., cloud vulnerability scanners, cloud intrusion detection systems, cloud forensics).
• Strong knowledge of common web application vulnerabilities (OWASP Top 10) and network security concepts.
• Experience with container security (Docker, Kubernetes) is a plus.
• Relevant security certifications such as OSCP, CISSP, CCSP, or cloud‑specific security certifications are highly desirable.
• Excellent analytical, problem‑solving, and report‑writing skills.
• Ability to work independently and collaboratively in a remote team environment.

Additional Information

• This is a fully remote position, offering the flexibility to work from anywhere.
• Our client champions diversity and inclusion