5 Bug Bounty Jobs

Technical Skills, Experince & Qualification Required :- Manual Pentesting of web application, infrastructure, mobile app Extensive knowledge in the areas of information system security Coding ability (at the very least Python) Recognized credential on a hacking platform: training (HTB, root-me, etc.) or bug bounty (synack, hackerone, etc.) Experience in relevant tools : Burp Suite or equivalent, network discovery, vulnerability scanner, OSINT, exploitation and post-exploitation on web app, OS, infra and mobile application, payload customization, virtualization. Deep knowledge in manual web application penetration testing and payload customization Expertise in at least one programming language Experience in working on Linux and Windows environment Cloud environment testing (AWS, Azure) Certifications Required : Offensive security : OSWE, OSCE, OSCP, OSWP, OSEE certification EC-Council certification (APT, LPT, not CEH) Government sponsored certification : CREST, PASSI PCI DSS certification ISO 27001 certification SANS or equivalent certification Immediate Joiners will be preferred

Hi All, We are hiring for our MNC client for Pune for Information Security vulnerability. Job requirement : Minimum 3 years relevant experience with Vulnerability Management. Hands on GCIM. Hands on experience with Bug Bounty or Incident Management Cyber security analysis. Preferred Qualifications : ITIL V4 Professional security certifications such as CompTIA Security+/ Cybersecurity Analyst+, or Systems Security Certified Practitioner (SSCP), or CISM(Certified Information Security Manager), or CISA(Certified-Information-Systems-Auditor),or EC-Council Certified Ethical Hacker (CEH) or Certified Secure Software Lifecycle Professional (CCSLP) or GIAC Web Application Defender (GWEB) Knowledge of industry standard security compliance programs PCI (Payment Card Industry), GDPR (General Data Protection Regulation), NIST Cyber Security Framework etc.) Experience working with ticketing systems such as Service Manager, IBM Control Desk and/or JIRA

Job Summary We are looking for an Application Security Analyst with 2-3 years of experience in IT and security to strengthen our security team. The ideal candidate will focus on securing web and mobile applications (Android/iOS) by conducting penetration testing, vulnerability assessments, API security reviews, and ensuring compliance with security best practices . Key Responsibilities Application Security & Penetration Testing Conduct security assessments for web, mobile (Android/iOS), and APIs . Identify, exploit, and remediate OWASP Top 10 vulnerabilities. Perform manual and automated security testing to uncover security risks. Conduct secure code reviews to detect application security flaws. Mobile Security (Android & iOS) Perform static and dynamic analysis of Android/iOS applications. Identify security risks such as insecure data storage, API vulnerabilities, and jailbreak/root detection bypass . Utilize tools like MobSF, Frida, Burp Suite, Objection, Drozer, Jadx, and apktool . Validate applications against OWASP Mobile Top 10 security risks. API Security & Secure Development Perform API penetration testing using Burp Suite, Postman, OWASP ZAP . Identify critical vulnerabilities such as Broken Authentication, Excessive Data Exposure, and IDOR . Collaborate with developers to implement secure coding practices and remediation strategies . Vulnerability Management & Compliance Conduct vulnerability assessments using tools like Nessus, Acunetix, Nexpose, Rapid7, and Qualys . Ensure compliance with ISO 27001, SOC2, GDPR , and other regulatory frameworks. Work closely with development teams to remediate security vulnerabilities . Required Skills & Qualifications Bachelors degree in Computer Science, Information Security, or a related IT field . 2-3 years of experience in IT , with at least 1-2 years focused on Application Security & Penetration Testing . Strong understanding of OWASP Top 10 (Web & Mobile) vulnerabilities. Hands-on experience with security tools such as Burp Suite, MobSF, Frida, Objection, Drozer, Jadx, apktool . Proficiency in secure code review (Java, Swift, Kotlin, JavaScript). Expertise in API Security Testing and secure development best practices. Strong analytical, problem-solving, and communication skills . Preferred Qualifications Security certifications such as OSCP, CEH, eJPT, OSWE, GMOB (preferred). Experience with bug bounty programs or responsible disclosure initiatives. Compensation & Benefits Competitive salary based on experience. Career growth opportunities in Application Security & Ethical Hacking . Health & wellness benefits . Access to continuous learning, certifications, and security training programs . If your skills matches the above requirement, kindly share drop your updated resume at "pooja.valluru@engro.io". Looking for immediate to 30 Days Notice Period.

Role & responsibilities: Responsible for assisting team efforts to perform and automate application security testing and tools. Collaborate with development teams in identifying and building solutions to secure code. Perform periodic secure coding assessments & reviews to assess security vulnerabilities & identify the best way to reduce information security risks. Possess the ability to discuss and present technical solutions to all levels of the business. Facilitate development group discussions on vulnerability mitigation, good coding practices, and security risks. Contribute to the maintenance of static and dynamic code analysis tools. Identify new requirements / enhancements to standards, tools, and processes. Periodically, conduct developer training on Application Security concepts. A willingness to learn new tools and techniques on the fly. Required Skills: Masters in Information Security Practical knowledge of web application security testing. Understanding of web application security testing tools Understanding of OWASP Top 10 and CVE/SANS Top 25 Understanding of code scanning tools for SAST/DAST/SCA

Role & responsibilities Accountable for the delivery of the Bug Bounty to meet the requirements cybersecurity controls, auditors, and global regulators. Responsible for ensuring the crowd is leveraged with well scoped with clearly defined objectives, and delivered on time through an approach that scales and minimises operational risk. Responsible for identifying thematic findings in line with threat actor techniques and procedures, and the shifting technology landscape within and driving the crowd to target these areas. Accountable for the delivery of the change and continuous uplift across crowd-sourced testing. Global Control Operator for Crowd-sourced Security Testing under VIAO.3 (Offensive Security) control and protecting the banks technology, information, and customers. Leadership of a small team to manage operation of the Bug Bounty. To be successful in this role, you should meet the following requirements: Proven experience in identifying and communicating security vulnerabilities across Web, APIs, Infrastructure, and Mobile (e.g., penetration testing). Experience in identifying vulnerabilities by leveraging the crowd (e.g., Bug Bounty) Experience working in highly sensitive projects and a highly regulated environment. Excellent communication and interpersonal skills with the ability to produce clear and concise reports for targeted audiences across internal and external stakeholders. Excellent understanding of cybersecurity principles, global financial services business models, regional regulations and applicable laws. Formal education and advanced degree in Information Security, Cybersecurity, Computer Science or similar and/or commensurate demonstrated work experience in the same.