Senior Penetration Testing Specialist

5 - 8 years

0 Lacs

Posted: 1 week ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

neXavault | John & Smith Solutions


Join India's Premier CERT-In & CREST Empanelled Cybersecurity Firm


About neXavault


neXavault, the cybersecurity arm of John & Smith Solutions, is a CERT-In and CREST approved organization leading India's offensive security landscape. With offices across India (Kozhikode, Kochi, Trivandrum, Bangalore, Hyderabad, Mumbai, Noida) and an international presence in the Middle East and the UK, we're trusted by digital banking platforms, fintech innovators, and critical infrastructure providers for our advanced security testing capabilities.


The Opportunity


We're seeking a highly skilled Senior Penetration Testing Specialist to lead our offensive security practice. You'll work on challenging engagements, including critical infrastructure. This is a hands-on technical role for someone passionate about breaking systems and finding vulnerabilities before malicious actors do.


Key Responsibilities


  • Execute advanced penetration testing across web applications, mobile apps, APIs, thick clients, and network infrastructure
  • Perform in-depth source code reviews for Java, .NET, Python, Node.js, and mobile applications
  • Conduct red team operations and adversary simulation exercises
  • Develop custom exploits and proof of concept code
  • Lead cloud security assessments (AWS, Azure, GCP)
  • Perform IoT and OT security testing for specialized clients
  • Mentor junior penetration testers and develop team capabilities
  • Create comprehensive technical reports with actionable remediation guidance
  • Research emerging attack vectors and develop new testing methodologies


Essential Requirements


  • Experience: 5-8 years of hands-on penetration testing experience
  • Certifications: At least two from OSCP, OSCE, OSWP, GPEN, GWAPT, GMOB, CRTP
  • Technical Mastery: Expert-level proficiency with Burp Suite Pro, Metasploit, Cobalt Strike
  • Strong exploitation skills across Windows, Linux, and mobile platforms
  • Proficient in Python, Bash, PowerShell for tool development
  • Deep understanding of OWASP Top 10, SANS Top 25, MITRE ATT&CK
  • Experience with container and Kubernetes security


Specialized Skills:

  • Web application exploitation (SQLi, XXE, SSRF, Deserialization, etc.)
  • Mobile application security testing (iOS/Android)
  • Active Directory exploitation and lateral movement
  • Cloud-native application testing


Preferred Qualifications


  • CREST certification (CRT, CCT, CPSA)
  • Published CVEs or acknowledged bug bounties
  • Security research publications or conference presentations
  • Experience with automotive, IoT, or OT security testing
  • Exploit development and reverse engineering skills
  • DevSecOps and CI/CD pipeline security


What We Offer


  • Competitive Package
  • Cutting-edge Projects: Work on high-stakes VAPT engagements for banking and fintech clients
  • Tool Access: Licensed versions of premium security tools and cloud labs
  • Research Time: Dedicated time for security research and tool development
  • Continuous Learning: Funding for advanced certifications and training
  • Conference Participation: Support for attending and speaking at security conferences
  • Global Exposure: International client projects in Middle East, US and UK markets


Location


Primary: Kochi/Kozhikode, Kerala


How to Apply


Send your detailed CV along with:

  1. Your HackTheBox/TryHackMe profile or CTF achievements
  2. Brief write-up of your most interesting vulnerability discovery
  3. GitHub link to any security tools you've developed


Email:

Subject Line:


John & Smith Group is an equal opportunity employer and does not discriminate on the basis of race, color, religion, gender, sexual orientation, national origin, age, disability, or any other protected characteristic. We are committed to creating an inclusive workplace for all employees. 

All statutory benefits as per applicable laws will be provided. 
