Red Team Penetration Tester

Lahore, Punjab, Pakistan
Full Time
ASC
Mid Level

About Us:
ACE Money Transfer is a UK-based company headquartered in Manchester, United Kingdom. The company is an online remittance service provider for customers in the UK, Canada, Australia, and the European Union, including Switzerland. The company is a parent company in a group of companies with a diversified portfolio, including digital wallet services in the UK and real estate, advertising businesses, and software solutions in Pakistan.


ROLE OVERVIEW

Responsible for conducting structured adversarial simulations and technical penetration tests across ACE Money Transfer's application, infrastructure, cloud, and identity environments. Operating under a PTES-aligned methodology, the role identifies security weaknesses before threat actors can exploit them and produces high-quality findings that directly inform ACE's remediation priorities and security roadmap.

KEY RESPONSIBILITIES

  • Plan and execute penetration tests across web applications, internal/external infrastructure, cloud (cloud platform), M365, and identity (Identity platform) environments
  • Conduct adversarial simulations following the PTES methodology: Pre-Engagement, OSINT, Threat Modelling, Exploitation, Post-Exploitation, and Reporting
  • Perform application security testing covering OWASP Top 10, business logic abuse, API security, and authentication/authorisation bypass
  • Execute network-layer assessments: port scanning, service enumeration, lateral movement, privilege escalation, and credential harvesting
  • Conduct cloud security assessments targeting cloud platform IAM misconfiguration, S3 exposure, Lambda abuse, and cross-account pivot scenarios
  • Perform phishing simulations and social engineering exercises as part of approved red team campaigns
  • Produce CVSS-scored penetration test reports with executive summaries, finding narratives, proof-of-concept evidence, and prioritised remediation guidance
  • Validate remediation of previously identified findings through structured retest engagements
  • Collaborate with the Blue Team and SIEM/Detection Engineer to improve detection coverage based on red team TTPs
  • Mentor Red Team interns: set scoped exercises, review deliverables, and provide structured technical feedback

REQUIRED SKILLS & EXPERIENCE:
 
  • 2 to 3 years of hands-on penetration testing across web application, network, and/or cloud environments
  • Proficiency in offensive tooling: web application testing tool, exploitation framework, network scanner, vulnerability scanner, AD enumeration tool, network protocol toolkit, or equivalents
  • Strong understanding of OWASP Top 10, CWE classifications, and CVSS scoring
  • Experience with Active Directory / Identity platform attack paths , Kerberoasting, Pass-the-Hash, Golden Ticket
  • Ability to write or adapt exploit code in Python, Bash, or PowerShell
  • Experience producing professional pentest reports for both technical and executive audiences
  • One or more certifications: OSCP, CRTO, CPTS, CEH (Practical), or eWPT

DESIRABLE
 
  • Cloud penetration testing experience cloud platform IAM privilege escalation and misconfig exploitation
  • Familiarity with C2 frameworks: C2 framework, C2 framework, or C2 framework
  • Experience with assumed breach or purple team exercises with active Blue Team collaboration
  • Familiarity with TIBER-EU or threat-intelligence-led red team frameworks
  • Knowledge of DORA or PCI DSS v4.0.1 as applied to security testing scope

ACE Money Transfer profile:https://acemoneytransfer.com/company-profile

Share

Apply for this position

Required*
We've received your resume. Click here to update it.
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file