5.0 - 7.0 years

0 Lacs

bengaluru, karnataka, india

On-site

Summary: We are seeking a skilled and detail-oriented Application Security Penetration Tester to join our cybersecurity team. The primary goal of this role is to ensure secure software delivery by planning, executing, and documenting penetration tests on enterprise applications, identifying vulnerabilities, and supporting remediation efforts. Experience: 5+ years Main Responsibilities: As a Penetration Tester, you will be responsible for conducting comprehensive security assessments across various applications. Preparatory Phase: Conduct kick-off meetings with application owners to define the scope and feasibility of penetration tests. Review functional and technical aspects of applications to prepare for testing. Deliver scope documentation and meeting minutes within defined timelines. Operational Phase: Execute penetration tests on applications to identify exploitable vulnerabilities. Analyze application security posture and provide detailed findings. Prepare and present reports and findings to stakeholders. Coordinate with development and security teams for issue resolution. Post-Operational Phase: Conduct restitution meetings to recap completed tests and their outcomes. Create detailed documentation for retesting and audit purposes. Support closure of identified issues (PTRs) and track remediation progress. Maintenance Phase: Re-evaluate and close PTRs as part of ongoing security maintenance. Contribute to efficiency improvements and automation of pentest processes. Collaborate on tooling design and documentation enhancements. Key Requirements: Security Expertise - Application security testing, Penetration testing, Vulnerability assessment, Reverse engineering Knowledge Areas - OWASP Top 10, Secure coding practices, CVSS v2.0, CVSS Calculator v4.0 Tools & Technologies - Burp Suite Professional, OWASP ZAP, Nessus, Metasploit, Linux & Windows OS Programming Skills - Scripting experience (Python, JavaScript) Certifications - OSCP, PNPT, CPT, CEPT, CCPT, eJPT / PJPT Soft Skills - Fluent English (spoken & written), Team collaboration Nice to Have: PCI-DSS auditing experience Security audits and compliance frameworks NodeJS, VueJS CEH, GWAPT certifications Fast learner, Autonomy Multicultural team experience Other Details: This position requires the delivery of pentest reports, documentation for retesting, remediation proposals, and coordination with development teams. It also involves tooling design and automation in pentest workflows. Show more Show less

Posted 2 days ago

Apply

Offensive Security Analyst Securityhq

2.0 - 3.0 years

4 - 8 Lacs

Pune

Hybrid

Responsibilities Conduct security assessments on Web, Mobile and APIs REST/SOAP/GraphQL. Perform penetration tests on both public and private network infrastructure assets. Conduct adversary emulations and red teaming exercises, both internally and externally. Perform source code review for applications developed in different languages. Develop testing scripts and procedures to fulfil comprehensive assessment requirements. Produce executive and technical reports and provide recommendations based on findings. Conduct external and internal segmentation testing on client infrastructure. Develop penetration testing strategies and test cases for complex enterprise applications. Develop methodology documents and pre-engagement questionnaires for Penetration Testing and Vulnerability Assessment projects. Thoroughly document exploits chain/proof of concept scenarios for client use. Perform Red Team activities in coordination with the Security Operations Centre and incident response teams to validate Blue Team monitoring & detection processes. Essential Skills A minimum of 2 years of professional experience in Pentesting Development or scripting experience and skills. Strong knowledge of Web, Mobile and API Security assessments and source code review of applications. Excellent communication skills and ability to clearly articulate complex security issues. Strong interpersonal and presentation skills. Ability to work with minimal levels of supervision or oversight. Additional Desired Skills Knowledge of Cloud Security Assessments (AWS/Azure/GCP). Knowledge of Active Directory and Exploitation. Knowledge of phishing and social engineering simulations and tools. Familiarity with Malware Development & Defense Evasion Techniques. Experience in Bug Bounty programs. Education Requirements Bachelors in computer science/IT/Electronics Engineering, M.C.A. or equivalent University degree. At least one of the following certifications or similar is preferred: OSCP, PNPT or CRTP

Posted 1 month ago

Apply

Start Your Job Search Today

Browse through a variety of job opportunities tailored to your skills and preferences. Filter by location, experience, salary, and more to find your perfect fit.