5+ years of hands-on experience in offensive security Demonstrable track record of leading complex web application and cloud penetration tests Proven ability to read, review, and identify vulnerabilities in source code (especially Python and JavaScript) Deep, practical experience attacking and auditing cloud environments (AWS, GCP, Azure) and Kubernetes clusters Must hold one or more advanced, industry-recognized offensive security certifications: OSCP, OSWE, OSCE, CRTO, or GIAC (GCPN, GXPN) Expert-level knowledge of modern web application security, including the OWASP Top 10, API security, and common framework vulnerabilities Strong proficiency in common offensive security tools (Burp Suite, Nmap) and C2 frameworks (Cobalt Strike, Sliver, Brute Ratel) Strong written and verbal communication skills