AirOverflow is seeking a highly skilled and experienced Security Engineer to join our offensive security team as a full-time red teamer and penetration tester. This is a senior, hands-on technical role designed for a seasoned professional who has gone beyond the basics and operates with the mindset of an adversary. You will lead and execute comprehensive penetration testing engagements across web applications, networks, infrastructure, and Active Directory environments — delivering actionable intelligence that directly shapes the security posture of our clients. As a core member of AirOverflow's red team, you will also contribute to the development of internal tooling, research, and methodology, helping define how we approach offensive operations at scale. We are looking for someone who doesn't just run scanners and paste CVEs into reports — but someone who thinks creatively, chains vulnerabilities together, and communicates risk with clarity and precision. At AirOverflow, we hold our offensive security team to the highest standard because our clients depend on it. If you are a proven penetration tester with the certifications, the scars, and the hunger to keep pushing forward, we want you on our team at the forefront of Pakistan's cybersecurity revolution.

What You'll Do

• Plan, scope, and independently execute full-cycle penetration testing engagements across web, network, and infrastructure targets
• Conduct red team operations simulating advanced persistent threats (APTs) and real-world adversary tactics
• Perform Active Directory attacks including enumeration, privilege escalation, lateral movement, and domain compromise
• Identify, exploit, and chain vulnerabilities across complex environments with minimal guidance
• Produce detailed, professional penetration testing reports with clear risk ratings and remediation guidance tailored to both technical and executive audiences
• Research and develop custom exploits, scripts, and offensive tooling to support engagements
• Lead knowledge-sharing sessions and mentor junior team members and interns
• Stay ahead of the threat landscape by continuously researching new TTPs, CVEs, and offensive techniques
• Contribute to AirOverflow's service methodology, internal playbooks, and capability development

What We're Looking For

• Minimum 2 years of professional penetration testing or red team experience
• Deep expertise in web application penetration testing including advanced vulnerabilities beyond OWASP Top 10
• Strong command of network penetration testing, Active Directory exploitation, and post-exploitation techniques
• Proficiency with industry-standard tools including Burp Suite Pro, Cobalt Strike, Metasploit, BloodHound, Impacket, and similar
• Ability to write custom scripts and tools in Python, Bash, or PowerShell to support engagements
• Experience writing high-quality, client-ready penetration test reports
• Strong analytical mindset with the ability to think like an attacker across diverse environments
• Excellent communication skills — able to articulate technical risk to both technical teams and business stakeholders

Nice to Have

• Experience with cloud penetration testing (AWS, Azure, GCP)
• Familiarity with malware development, C2 frameworks, or EDR evasion techniques
• Prior experience in a red team or offensive security consultancy
• Contributions to the security community — CVEs, tool development, conference talks, or published research
• Experience in CTF competitions at an advanced or national level

Preferred Certifications

• OSCP (Offensive Security Certified Professional)
• eWPTX (Web Application Penetration Tester eXtreme)
• eCPPT (Certified Professional Penetration Tester)

What We Provide

• Competitive full-time salary commensurate with experience
• A high-impact role at the heart of AirOverflow's offensive security operations
• Continuous learning budget for certifications, courses, and security research
• Collaborative environment with a team of passionate security professionals
• Opportunity to lead engagements, shape methodology, and grow into a leadership role
• Exposure to diverse client environments and complex security challenges
• A front-row seat — and an active role — in building Pakistan's cybersecurity future