Senior Red Team/Penetration Tester

Job Title: Senior Red Team / Penetration Tester

Location: Surulere

Work Mode: Fully Onsite

Experience : 2 Years +

Role summary

We’re looking for a hands-on Senior Red Team / Penetration Tester to lead offensive security engagements that emulate sophisticated threat actors and uncover real-world risks. You’ll design and execute targeted red-team operations and deep technical penetration tests across web, cloud, network, identity and physical security controls, then translate findings into prioritized remediation and measurable risk reduction.

Key responsibilities

• Plan and execute targeted red-team engagements and penetration tests across cloud (Azure), on-prem, network, AD, web apps, APIs, and container/Kubernetes environments.

• Develop realistic adversary emulations (TTPs) mapped to MITRE ATT&CK and run Purple Team sessions to validate detections and playbooks.

• Safely run exploit and persistence techniques in controlled environments, documenting impact, blast radius, and remediation.

• Create high-quality pentest deliverables: executive summary, technical findings, risk ratings, PoCs, step-by-step remediation, and detection tuning recommendations.

• Work with SOC/Detection & Response to improve SIEM/EDR/IDS rules and SOAR playbooks — validate detection efficacy after fixes.

• Drive continuous improvement: exploit research, tooling, automation for red-team ops, and custom tooling where needed.

• Assist with threat hunting exercises and retrospective post-incident adversary TTP mapping.

• Ensure legal and ethical compliance: create and follow Rules of Engagement (RoE), coordinate maintenance windows and stakeholder approvals.

• Mentor junior red/pentest engineers and participate in hiring/interviewing.

Required experience & qualifications

• 2+ years of professional penetration testing / offensive security experience with a track record of end-to-end red-team engagements.

• Deep, practical experience attacking Active Directory environments, Windows/Mac/Linux post-exploitation and lateral movement.

• Strong application security skills (modern web apps, APIs, mobile) and experience with cloud attack surfaces (AWS, Azure, GCP).

• Excellent hands-on skills with common offensive tools and frameworks (e.g., Cobalt Strike, BloodHound, Metasploit, Burp Suite, Nmap, Empire, Impacket) and the ability to write/modify scripts (Python, PowerShell, Bash).

• Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience (or relevant certifications and demonstrable skills)

Qualified candidates should send cv to cv@ascentech.com.ng using the Job Title as subject of mail.