Experience: Proven experience in successfully delivering infrastructure and application security penetration testing, including testing cloud services and API-based technologies (e.g., IaaS, PaaS, SaaS, FaaS).
Certifications: Industry-recognized certifications such as OSCP, OSCE, CREST, QSTM, SANS/GIAC, CRTP, CRTO, or equivalent.
Security Knowledge: Strong understanding of security and application security standards and best practices (e.g., NIST, OWASP, PCI-DSS, GDPR, CIS Benchmarks, UK NCSC guidelines).
Adversary Simulation: Experience in adversary or attack simulation scenarios, such as Red Teaming or Purple Teaming exercises.
Penetration Testing Tools: Hands-on experience with penetration testing tools (e.g., Cobalt Strike, Caldera, Atomic Red Team, Pentera, Nessus, Burp Suite, OSINT tools).
Advanced Cybersecurity Frameworks: Knowledge of the MITRE ATT&CK Framework, including tactics, techniques, and procedures used by various APT groups.
Programming Knowledge: Understanding or experience with at least one programming language for code analysis and exploitation.
Methodologies: Familiarity with penetration testing methodologies (e.g., OWASP, OSSTMM, PTES).
Reporting: Excellent reporting and documentation skills with the ability to clearly identify and communicate high-risk issues and propose effective mitigation strategies.