Senior Penetration Tester

Job Description: DXC Technology is looking for a Senior Penetration Tester to strengthen our offensive security team and take on challenging projects for enterprise-level clients. If you're passionate about discovering vulnerabilities before anyone else and want to be part of a team where deep expertise is truly valued, we’d love to hear from you. Key Responsibilities : Perform advanced penetration testing on web/mobile applications, infrastructure, cloud environments, and OT/ICS systems; Simulate real-world attack scenarios (Red Teaming, Adversary Simulation, TIBER-EU); Produce detailed technical and executive reports with clear, actionable remediation guidance; Develop custom tools (exploits, scripts, payloads) for complex attack scenarios; Work closely with Blue Teams, DevSecOps, and Architecture groups to strengthen clients’ security posture; Help define best practices and contribute to the team’s growth through mentoring and knowledge sharing; Requirements : Bachelor's or Master's degree in a STEM field (Science, Technology, Engineering, or Mathematics) or equivalent hands-on experience; 6 years of hands-on experience in penetration testing, red teaming, or offensive security; Strong knowledge of offensive security, post-exploitation, privilege escalation, lateral movement, and evasion techniques; Familiarity with MITRE ATT&CK, purple teaming, and threat emulation techniques; Proficiency with advanced tools: Cobalt Strike, Sliver, BloodHound, Impacket, Burp Suite Pro, Metasploit, Nmap, Wireshark; Ability to develop custom tools and scripts using Python, PowerShell, Bash, or Go; Solid understanding of security frameworks (OWASP, NIST 800-115, PTES); Strong communication skills in both Italian and English; Preferred Qualifications: Advanced certifications such as OSCE3, OSWE, OSEP, CRTP, GXPN, GCPN, BSCP, Red Team Ops; Proven track record in bug bounty platforms , presence in Hall of Fame listings , or top placements in Capture The Flag (CTF) competitions; Participation as a speaker at security conferences , meetups, or technical webinars; Experience with cloud security (AWS, Azure, GCP) and container escape techniques (Docker/K8s); Experience in highly regulated sectors (e.g., finance, healthcare, TIBER-EU); What We Offer Competitive salary , company benefits, and strong support for continuous learning and certifications Hybrid working model (up to 80% remote) Challenging, high-impact projects with enterprise clients; Access to cutting-edge technologies and real opportunities for career growth; A technically skilled environment with experienced colleagues and internal mentoring; A close-knit, collaborative team where individual well-being matters just as much as professional success. Location: Rome with smart working possibilities LI-HYBRID At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive. Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf.More information on employment scams is available here . J-18808-Ljbffr

Location: Roma, Lazio, IT

Posted Date: 7/4/2025