Senior/ Lead Penetration Tester

Senior/Lead Penetration Tester

Location:

In Office, Ahmedabad, Gujarat, India (not remote)

Full-time

Salary: Up to ₹12.5L (1,250,000) INR per year

Must undergo background check and security clearance

Candidates must already have the right to work and live in India

About Asite

Asite’s vision is to connect people and help the world build better.

Asite’s platform enables organizations working on large capital projects to come together, plan, design, and build with seamless information sharing across the entire supply chain.

Asite SCM is our supply chain management solution, which helps owners and Tier-1 contractors to integrate and manage their extended supply chain for delivering on capital projects.

Asite PPM is our project portfolio management solution, which gives you and your extended supply chain shared visibility of your capital projects through one common data environment.

Together they enable organizations to build digital engineering teams that can deliver digital twins and just plain build better.

The company is headquartered in UK (London) and has regional offices in US (New York and Houston), UAE (Dubai), Australia (Sydney), China (Hong Kong) and India (Ahmedabad).

Job Summary:

We are seeking an experienced Penetration Tester to join our team of security professionals.

As a senior/lead penetration tester, you will be responsible for conducting comprehensive penetration testing on web applications, mobile and desktop apps, APIs, infrastructure, and other systems such as IoT devices.

You will utilize your expertise in threat modelling, automation of testing, and advanced techniques to identify vulnerabilities and provide actionable recommendations to improve the overall security posture of Asite SDLC and systems.

You will manage a small team that you also must mentor and guide in the best practices and help grow at both professional and managerial level.

You’ll report to the Information Security Officer ME & APAC based in India) and to the CISO (based in London)

You must have a passion for knowledge sharing and continuous learning.

You are willing to undergo background checks and Security Clearance.

Key Responsibilities:

• Conduct thorough threat modelling, risk assessments and vulnerability scanning of web applications, mobile and desktop apps, APIs, infrastructure, and other systems
• Identify and exploit vulnerabilities using various penetration testing tools, techniques, and methodologies – PTES, NIST 800-115, OWASP
• Develop and maintain a comprehensive understanding of systems, including architecture, design patterns, and application logic
• Design and implement effective threat models to identify potential entry points for attackers using STRIDE and OWASP ASVS
• Automate testing using tools and integrating them such as vulnerability scanners, SAST, DAST, SCA and other relevant technologies including
• Collaborate with external penetration testing companies and clients to digest and review the risk of reports back to clients within their security requirements, provide recommendations to implement fixes to address identified vulnerabilities to internal stakeholders
• Stay up to date with the latest threats, vulnerabilities, red teaming, and penetration testing techniques through ongoing training and professional development
• Manage and mentor a team of juniors and interns.

Requirements:

7+ years of experience in penetration testing, with a strong focus on web applications, mobile and desktop apps, APIs, and infrastructure testing.

Willing to undergo background checks and security clearance.

Good level of Indi and English both spoken or written to a bilingual or at least Professional level, other languages at a bilingual/Professional level such as Arabic, Mandarin, French or German highly preferred.

Experience with cloud-based infrastructure and services - AWS, Azure, Google Cloud – containers, k8s and virtual machines.

Proven expertise in threat modelling, automation of testing, and advanced techniques (e.g., exploit development, reverse engineering)

OSCP or similar certification, GIAC Penetration Tester a plus

Strong knowledge of web application security frameworks, such as OWASP

Familiarity with mobile app security testing tools and techniques

Experience with desktop application security testing, including reverse engineering and exploit development

In-depth understanding of API security testing, including protocol analysis and exploitation.

Strong networking fundamentals, including TCP/IP, DNS, DHCP, BGP, etc.

Proficiency in scripting languages, such as Python, Ruby, PowerShell

Experience with agile development methodologies and collaboration tools like JIRA and their integrations

Excellent communication, problem-solving, and analytical skills

Nice to Have:

Familiarity with DevOps practices and security orchestration, automation, and monitoring (SOAM) tools

Knowledge of containerization technologies (e.g., Docker) and container-based vulnerability testing

Experience with OWASP ASVS and similar frameworks

Knowledge of machine learning models and associated security issues at the implementation and bypassing security restrictions.

Using API’s to automate work and systems along with reporting.

What We Offer:

Competitive salary and benefits package.

Opportunities for professional growth and development in a fast-paced and innovative environment

Collaborative team culture that values open communication, mutual respect, and teamwork

Access to cutting-edge security technologies and tools

Flexible work arrangements, including remote work options

If you are a motivated and experienced penetration tester looking for new challenges and opportunities, we encourage you to apply!

Join and help build a better, more efficient, safer and more secure world.