Redherd is supporting a search for a Junior to Mid-Level Security Analyst / Penetration Tester to join a respected cybersecurity consultancy delivering offensive security services to organisations across regulated industries. This role is ideal for someone early in their offensive security career who wants to build strong hands‑on experience across web applications, APIs, infrastructure environments, cloud systems, and mobile platforms. You will work alongside experienced penetration testers performing real‑world security assessments, identifying vulnerabilities, validating findings, and contributing to clear remediation guidance for clients. The position offers strong exposure to manual penetration testing techniques beyond automated scanning, including understanding authentication flaws, business logic issues, and common OWASP vulnerabilities. You will also gain experience using industry‑standard tooling such as Burp Suite, Nmap, and Kali Linux, while continuing to develop scripting abilities. Security Analyst (Penetration Testing) Location: Remote (South Africa) | Ideally GautengType: Permanent | Mid Level About Redherd Redherd is a specialist cybersecurity recruitment and advisory firm working globally with security consultancies, product companies, and technology organisations. We partner closely with technically strong teams to identify high‑impact security talent across offensive security, cloud security, vulnerability research, and threat intelligence. About the Client Our client is a respected cybersecurity consultancy delivering offensive security and cyber threat intelligence services to organisations across regulated industries including financial services, retail, and technology. The team works with clients both locally and internationally and operates with a strong emphasis on technical quality, research, and professional development. Role Overview We are seeking a Junior to Mid-Level Security Analyst / Penetration Tester to join a growing offensive security team. This role is ideal for security professionals early in their offensive security career who want to deepen their hands‑on penetration testing skills across modern environments including web applications, APIs, infrastructure, cloud platforms, and mobile applications . You will work alongside experienced penetration testers performing real‑world security assessments, learning advanced testing techniques, and developing practical exploitation and reporting skills. The position is well suited to individuals who are curious, technically motivated, and passionate about discovering vulnerabilities and understanding how systems can be broken and secured. Key Responsibilities Security Testing & Analysis Assist in performing penetration tests across web applications, APIs, mobile applications, infrastructure environments, and cloud systems . Identify and validate security vulnerabilities such as authentication flaws, insecure access controls, and common OWASP vulnerabilities . Support external and internal infrastructure testing including network and Active Directory environments . Assist with cloud security assessments across platforms such as AWS and Azure. Use industry‑standard tools and manual testing techniques to identify security weaknesses. Vulnerability Validation & Reporting Document testing activities and maintain clear testing notes and evidence. Assist in preparing technical reports with vulnerability descriptions and remediation guidance. Work with senior analysts to validate findings and assess business impact. Participate in report reviews and quality assurance processes. Learning & Professional Development Develop technical skills across manual testing, exploitation techniques, and security tooling . Participate in internal knowledge sharing, labs, and research initiatives. Contribute to improving testing methodologies, scripts, or internal tools. Stay current with emerging vulnerabilities, tools, and attack techniques. Required Experience 1–3+ years of experience in penetration testing, vulnerability assessment, or offensive security related work. Foundational understanding of web application security concepts and OWASP Top 10 vulnerabilities . Familiarity with penetration testing tools such as Burp Suite, Nmap, Kali Linux, or similar security tooling . Basic scripting ability in Python, Bash, or PowerShell . Strong curiosity and willingness to learn offensive security techniques. Good written communication skills and ability to document technical findings clearly. Nice to Have Certifications such as eJPT, eWPT, PNPT, OSCP, CREST CPSA, or similar . Exposure to API security testing, mobile security testing, or cloud security concepts . Experience with CTFs, Hack The Box, TryHackMe, or security labs . Familiarity with Linux systems, networking fundamentals, or Active Directory environments . Personal projects, research, or community involvement within cybersecurity. #J-18808-Ljbffr