Penetration Tester (Ethical Hacker) at GVA Partners

GVA PartnersLagos, Nigeria Software Development

Full Time

Growth in Value Alliance (GV Alliance) Partners is a business advisory and market intelligence services firm. Our objectives are to assist organizations to achieve their growth aspirations by providing market intelligence, strategy blueprint, IT solution delivery expertise and business operation improvement capabilities. GVA Partners is also a leading name within the recruitment industry. We have built our reputation on over the years by understanding the markets, businesses and individuals within the markets we work with and this has enabled us to deliver seamless and comprehensive recruitment solutions Our Value Proposition GVA’s unique value proposition is our familiarity with both global and local business environment and depth of expertise of our consultants. Our consultants have deep industry experience and have worked in various roles as project managers, solutions architect, business analysts, product developers, strategy consultants and have over the years assisted global clients in delivering market changing solutions. We typically resource all engagements with personnel that have gained direct and related experience from similar assignments. Our approach takes an industry focus by working with business owners to solve their toughest challenges through applied innovation backed by skilled resources, deep strategic alliances and full spectrum delivery across strategy, implementation management and operations. GVA has always been known for foresight, resilience and impact. We are known for our deep industry and functional expertise and we employ a practical approach to build capabilities and deliver real impacts. Our clients expect exceptional results and we succeed by being integral to their success.

Job Summary

We are seeking a skilled and driven penetration tester with a hacker mindset to proactively Simulate real world attacks to identify, assess and exploit security vulnerabilities.
You’ll be part of a fast-paced security team, expected to think like an adversary while maintaining ethical standards and compliance.
You must be capable of both automated and manual testing, custom script writing, and producing detailed yet understandable reports.

Key Responsibilities

Conduct black-box, gray-box, and white-box penetration tests on: organization’s Web apps, Mobile apps, APIs.
Perform social engineering and phishing simulation campaigns
Develop and execute custom exploits where necessary
Document proof-of-concept exploits and provide risk-ranked findings
Conduct red team exercises simulating advanced persistent threats (APT)
Analyze security findings from Hacker One and recreate vulnerabilities
Collaborate with developers, Appsec Team, DevOps, and product teams to provide remediation guidance
Stay current on CVEs, exploits, hacker tools, and threat actor techniques (TTPs)
Weekly updates and debriefs with stakeholders
Manual Application and Api Penetration testing based on Owasp top 10 (Mobile,Web,Api)

Minimum Requirements

Proven experience in offensive security or ethical hacking
Demonstrated history with Bug Bounty programs or CTF competitions
Deep understanding of web technologies, cloud platforms, and modern infrastructure
Ability to write and explain exploits or security PoCs clearly
Strong report writing and communication skills

Tools and Platforms (it’s expected to have a knowledge of how to use at least one of each of the listed tools):

Burp Suite, OWASP ZAP, Nmap,
Mobile security tools: MobSF, Frida, jadx, Objection, genny motion, Andriod studio.
Kali Linux, Parrot OS, custom scripts in Python, Bash, PowerShell.
Postman, for API testing
Security Standards & Compliance
OWASP Top 10 (Web, API, Mobile)
CIS Benchmarks
NIST 800-53, ISO/IEC 27001

Preferred Qualifications: