Penetration tester II

About Astra:

Astra is a cybersecurity SaaS company that makes otherwise chaotic pentests a breeze with its one-of-a-kind AI-led offensive Pentest Platform. Astra's continuous vulnerability scanner emulates hacker behavior to scan applications for 15,000+ security tests.

CTOs and CISOs love Astra because it help them to achieve continuous security at scale, fix vulnerabilities in record time, and seamlessly transition from DevOps to DevSecOps with Astra's powerful CI/CD integrations. Astra is loved by 1000+ companies across 70+ countries. In 2024 Astra uncovered 2.5 million+ vulnerabilities for its customers, saving customers $110M+ in potential losses due to security vulnerabilities.

We've been awarded by the President of France Mr. François Hollande at the La French Tech program and Prime Minister of India Shri Narendra Modi at the Global Conference on Cyber Security. Loom, MamaEarth, Muthoot Finance, Canara Robeco, Dream 11, OLX Autos etc. are a few of Astra’s customers.

Role overview:

Penetration Tester II

You’ll get hands-on experience with offensive security, collaborate with top minds in the space, and play a vital role in making the internet safer. This is where curiosity meets impact.

At Astra you will be:

• Performing hacker style pentests on our customer’s applications and managing the entire pentest using our one of a kind Pentest platform.
• Carrying out VA/PT for web apps, mobile apps, Cloud infrastructure, SaaS apps, network devices, open-source projects etc.
• Contributing towards building intelligence for our DAST scanner.
• Interacting with clients over remediation calls.
• Facilitating clients to map out the steps for fixing vulnerabilities.
• Maintaining our vulnerability management system.

What you have:

• OSCP or CREST certified
• Strong understanding of OWASPs testing guidelines
• 3-5 years of professional experience in doing pentests on multiple assets including web apps, cloud infrastructure etc.
• Comfortable in Black Box, WhiteBox testing with capability of finding business logic vulnerabilities
• Experience directly interfacing with customers over calls & emails
• Able to understand code in anyone programming language

Good to have:

• A few published CVE’s
• A bug bounty/CTF experience

Benefits of being an Astra-naut:

• You’ll own your work from day one—no micromanaging, just trust and impact.
• Health Insurance cover for you and your spouse.
• You’ll join a team that’s scaling fast but still feels like a close-knit crew—think startup energy with global reach.
• You’ll be surrounded by curious minds, creative thinkers, and people who genuinely care (and yes, we do have a dedicated meme channel on slack).
• Dive deep into the captivating world of cybersecurity.
• And yes, get ready for some unforgettable workcations—think Chikmagalur & Jim Corbett. The previous one was at Wayanad, KL