18 Penetration Tester jobs in Pakistan

Conduct authorized security assessments against web, cloud, and infrastructure targets to identify vulnerabilities, verify exploitability, and deliver actionable remediation guidance.

Responsibilities

• Plan and execute agreed penetration tests (web apps, APIs, cloud, networks) under rules of engagement.
• Produce clear technical reports with risk rating, reproduction steps, and remediation recommendations.
• Work with engineering teams to validate fixes and re-test.
• Keep tools, techniques, and test methodology up to date; contribute to internal playbooks.

Required

• 3+ years in offensive security/penetration testing or red-team engagements.
• Strong web app, network, and host testing experience; familiarity with common tools and manual testing techniques.
• Experience producing clear technical and executive reports.
• Bachelor's in CS/IT or equivalent experience.

Desired

• OSCP, OSWE, CREST, eJPT or similar certification.
• Experience with cloud (AWS/Azure/GCP) security testing.

Compliance

All work is strictly authorized and performed under approved scopes and legal agreements.

Job Type: Full-time

Work Location: In person

Job Title: Penetration Tester

Location: On-Site

Type: Full-Time

We're looking for a
Penetration Tester
to join our security team. The ideal candidate will possess a strong foundation in web security, practical experience with penetration testing tools, and the ability to work independently while contributing effectively to team objectives.

What You'll Be Doing

• Performing penetration tests on
  web applications, APIs, and related systems.
• Using both
  manual techniques and tools
  .
• Identifying, validating, and documenting vulnerabilities with clear, actionable reports.
• Staying updated on
  latest security exploits and methodologies.
• Collaborating with the team to improve testing processes and security posture.

Experience

• Solid grasp of
  web fundamentals
  and
  application security
  concepts.
• Hands-on experience with
  common pentesting tools.
• Knowledge of
  OWASP Top 10
  ,
  vulnerability assessments
  ,
  exploitation basics
  , and
  reporting.
• Strong
  research
  and
  problem-solving skills.
  Able to self-learn and adapt quickly.
• 1-2 years of relevant experience preferred.

If you're passionate about security and ready to take ownership of meaningful projects, we'd love to hear from you. Apply now by sending your CV or connect with us here on LinkedIn.

This is a
night-shift role
(aligned with U.S. time zones), as most of our clients are based outside Pakistan. Candidates should be comfortable working during these hours.

Senior Offensive Security Roles

Join
Stork
, a leader in advanced cybersecurity solutions, as we expand our team in Islamabad. We're hiring
senior-level professionals
in offensive security and penetration testing. If you have the skills and passion to work on
cutting-edge cybersecurity projects
, we'd love to hear from you.

Available Positions:

1. Senior
   Android OS Developer
   – Offensive Security Focus
2. Senior
   Offensive Penetration Tester – Network
3. Senior Offensive Penetration Tester – Web
4. Senior C/C++ Windows OS Developer
   – Offensive Security Focus
5. Senior
   C/C++ Linux OS Developer
   – Offensive Security Focus

What We Offer

• Competitive salary packages
  with performance-based bonuses
• Comprehensive benefits
  , including health coverage and paid leave
• Opportunities for professional growth
  with advanced security training and certifications
• Modern, collaborative workspace
  in our Islamabad office

Why Join Us

At Stork, you'll be part of a team that
pushes the boundaries of cybersecurity innovation
. We provide a platform where your expertise drives impact — from vulnerability research to developing real-world exploit solutions.

How to Apply

Apply directly through
LinkedIn
or email your
resume and cover letter
to  

with the job title in the subject line.

Be part of the team that's securing the future. 
Join Stork today
.

Equal Opportunity

• We are an
  equal opportunity employer
  . All qualified applicants will be considered without regard to race, color, religion, gender, or any other status protected by law

Key Responsibilities

1. Penetration Testing & Vulnerability Assessments

• Perform comprehensive penetration tests on web applications, APIs, and mobile apps, including authentication mechanisms, business logic, session management, and data security controls.
• Execute cloud penetration testing engagements across AWS, Azure, and GCP environments, focusing on IAM misconfigurations, container security (Kubernetes, Docker), serverless functions, and storage services.
• Conduct firewall and perimeter security assessments, including rule-set reviews, evasion techniques, port/protocol testing, and VPN security validation.
• Simulate real-world attack scenarios (Red Team/Blue Team exercises) to assess detection and response capabilities.
• Lead and design threat modeling sessions to proactively identify risks in new systems or architectures.

2. Exploitation & Advanced Techniques

• Develop and use custom scripts, exploits, and tools when off-the-shelf solutions are insufficient.
• Perform privilege escalation, lateral movement, and persistence testing within controlled environments.
• Exploit misconfigurations, insecure code, or weak controls to demonstrate potential business impact.
• Research and simulate emerging attack vectors relevant to web, cloud, and network infrastructures.

3. Reporting & Stakeholder Communication

• Deliver clear, actionable, and prioritized reports highlighting vulnerabilities, risks, and business impact.
• Translate complex technical findings into business-friendly recommendations for executives and non-technical stakeholders.
• Collaborate with software developers, cloud engineers, and network/security administrators to validate vulnerabilities and advise on remediation.
• Provide post-assessment debriefs and knowledge-sharing sessions with IT and security teams.

4. Security Advisory & Continuous Improvement

• Contribute expertise during secure design reviews of web applications, APIs, cloud deployments, and network architectures.
• Advise teams on hardening measures, best practices, and compliance with security frameworks (OWASP ASVS, CIS Benchmarks, NIST, ISO
• Develop methodologies and playbooks for web, cloud, and firewall penetration testing to standardize assessments across the organization.
• Continuously research new exploits, vulnerabilities, and security tools, ensuring testing techniques remain cutting-edge.

Job Type: Full-time

Work Location: In person

Application Security Penetration Tester

Shift
: 09:00 AM to 06:00 PM

Unit:
POS

Experience
: 2 to 3 years

Department:
Software Development

Location:
DHA, Phase 6, Karachi

Full-time, onsite

About the Role

We are seeking an experienced Application Security Penetration Tester to assess and strengthen the security of our web applications, mobile applications (iOS/Android), backend services, and deployment environment. The role involves performing security assessments, penetration testing, and vulnerability analysis, and providing actionable recommendations to remediate identified risks.

Responsibilities

• Conduct penetration testing on web applications, mobile apps, and APIs to identify security vulnerabilities.
• Assess backend services, databases, and authentication mechanisms for common attack vectors (SQLi, XSS, CSRF, IDOR, privilege escalation, etc.).
• Perform mobile application security testing (static & dynamic analysis, API security, insecure storage, reverse engineering).
• Review and test deployment environments for misconfigurations, insecure dependencies, and cloud/server-side risks.
• Map findings against industry standards (OWASP Top 10, OWASP MASVS, SANS CWE Top 25).
• Provide a detailed Security Assessment Report (SAR) with risk categorization, impact analysis, and remediation steps.
• Collaborate with development and DevOps teams to help prioritize and fix vulnerabilities.

Required Skills & Qualifications

• Proven experience in application penetration testing (web, mobile, APIs).
• Strong knowledge of OWASP Top 10, OWASP MASVS, SANS CWE 25.
• Hands-on experience with security tools such as:
• Burp Suite, OWASP ZAP, Postman, Metasploit, Nmap, Nikto, MobSF, Frida, Drozer, IDA, etc.
• Familiarity with backend technologies (PHP, Python, , etc.) and databases (MySQL, PostgreSQL, etc.).
• Experience with mobile app testing frameworks (static/dynamic analysis, reverse engineering).
• Good understanding of cloud/infrastructure security basics (AWS, GCP, or on-prem servers).
• Strong reporting and communication skills.
• Relevant certifications (nice to have, not mandatory): OSCP, OSWE, OSEP, CEH, GPEN, GMOB.

Nice to Have

• Experience with compliance-oriented testing (PCI-DSS, GDPR, ISO 27001, etc.).
• Familiarity with CI/CD security (DevSecOps pipelines).

Overview

Translation Empire is seeking a PEN Tester – Crest Registered (CRT) to join our cybersecurity team. The ideal candidate will be responsible for conducting advanced security assessments and penetration testing activities across networks, applications, cloud infrastructure, and mobile platforms. This role requires a deep understanding of offensive security techniques and the ability to deliver clear, actionable remediation guidance to technical and non-technical stakeholders.

• Plan, execute, and report on penetration tests against web applications, network, infrastructure, and databases.
• Identify and exploit security vulnerabilities to assess the risk to the business.
• Produce high-quality technical reports and executive summaries.
• Collaborate with internal stakeholders to validate findings and recommend mitigation strategies.
• Stay up to date with the latest security threats, vulnerabilities, and attack techniques.
• Support security awareness initiatives and contribute to internal security improvements.
• Provide mentorship to junior testers or team members where applicable.

• Bachelor's degree in Cybersecurity, Computer Science, Information Security, or a related field (or equivalent experience).
• Must have CREST Registered Penetration Tester (CRT) or higher certification (e.g., CCT INF, CCT APP).
• Proven experience in conducting penetration tests across various platforms.
• Strong knowledge of OWASP Top 10, NIST, MITRE ATT&CK, and common exploitation frameworks (e.g., Metasploit, Burp Suite, Cobalt Strike).
• Proficient in scripting or coding languages such as Python, PowerShell, or Bash.
• Experience with both manual and automated testing techniques.
• Familiarity with reporting tools and formats used in regulated industries.
• Excellent communication and documentation skills.

Work from Office.

Bahria Town Ph 7 Office.

Market Competitive.

About the Job:

Translation Empire is seeking a PEN Tester – Crest Registered (CRT) to join our cybersecurity team. The ideal candidate will be responsible for conducting advanced security assessments and penetration testing activities across networks, applications, cloud infrastructure, and mobile platforms. This role requires a deep understanding of offensive security techniques and the ability to deliver clear, actionable remediation guidance to technical and non-technical stakeholders.
Responsibilities:

· Plan, execute, and report on penetration tests against web applications, network, infrastructure, and databases.

· Identify and exploit security vulnerabilities to assess the risk to the business.

· Produce high-quality technical reports and executive summaries.

· Collaborate with internal stakeholders to validate findings and recommend mitigation strategies.

· Stay up to date with the latest security threats, vulnerabilities, and attack techniques.

· Support security awareness initiatives and contribute to internal security improvements.

· Provide mentorship to junior testers or team members where applicable.

Qualification and Experience:

· Bachelor's degree in Cybersecurity, Computer Science, Information Security, or a related field (or equivalent experience).

· Must have CREST Registered Penetration Tester (CRT) or higher certification (e.g., CCT INF, CCT APP).

· Proven experience in conducting penetration tests across various platforms.

· Strong knowledge of OWASP Top 10, NIST, MITRE ATT&CK, and common exploitation frameworks (e.g., Metasploit, Burp Suite, Cobalt Strike).

· Proficient in scripting or coding languages such as Python, PowerShell, or Bash.

· Experience with both manual and automated testing techniques.

· Familiarity with reporting tools and formats used in regulated industries.

· Excellent communication and documentation skills.

Work mode:

Work from Office.

Location:

Bahria Town Ph 7 Office.

Salary:

Market Competitive.

• Plan, execute, and report on penetration tests against web applications, network, infrastructure, and databases
• Identify and exploit security vulnerabilities to assess the risk to the business
• Produce high-quality technical reports and executive summaries
• Collaborate with internal stakeholders to validate findings and recommend mitigation strategies
• Stay up to date with the latest security threats, vulnerabilities, and attack techniques
• Support security awareness initiatives and contribute to internal security improvements
• Provide mentorship to junior testers or team members where applicable
  
  

• Bachelor's degree in Cybersecurity, Computer Science, Information Security, or a related field (or equivalent experience)
• Must have CREST Registered Penetration Tester (CRT) or higher certification (e.g., CCT INF, CCT APP)
• Proven experience in conducting penetration tests across various platforms
• Strong knowledge of OWASP Top 10, NIST, MITRE ATT&CK, and common exploitation frameworks (e.g., Metasploit, Burp Suite, Cobalt Strike)
• Proficient in scripting or coding languages such as Python, PowerShell, or Bash
• Experience with both manual and automated testing techniques
• Familiarity with reporting tools and formats used in regulated industries
• Excellent communication and documentation skills
  
  

• Plan, execute, and report on penetration tests against web applications, network, infrastructure, and databases
• Identify and exploit security vulnerabilities to assess the risk to the business
• Produce high-quality technical reports and executive summaries
• Collaborate with internal stakeholders to validate findings and recommend mitigation strategies
• Stay up to date with the latest security threats, vulnerabilities, and attack techniques
• Support security awareness initiatives and contribute to internal security improvements
• Provide mentorship to junior testers or team members where applicable
  
  

• Bachelor's degree in Cybersecurity, Computer Science, Information Security, or a related field (or equivalent experience)
• Must have CREST Registered Penetration Tester (CRT) or higher certification (e.g., CCT INF, CCT APP)
• Proven experience in conducting penetration tests across various platforms
• Strong knowledge of OWASP Top 10, NIST, MITRE ATT&CK, and common exploitation frameworks (e.g., Metasploit, Burp Suite, Cobalt Strike)
• Proficient in scripting or coding languages such as Python, PowerShell, or Bash
• Experience with both manual and automated testing techniques
• Familiarity with reporting tools and formats used in regulated industries
• Excellent communication and documentation skills