Posted: 3 weeks ago
On-site
Full Time
Job Summary:
We are seeking an experienced Penetration Tester to join our team of security professionals. As a senior penetration tester, you will be responsible for conducting comprehensive penetration testing on web applications, mobile and desktop apps, APIs, infrastructure, and other systems. You will use your expertise in threat modeling, test automation, and advanced techniques to identify vulnerabilities and provide actionable recommendations to improve the overall security posture of the Asite SDLC and systems. You will manage a small team, which you must also mentor, guide in best practices, and help grow. You must have a passion for knowledge sharing and continuous learning. You are willing to undergo background checks and security clearance.

Key Responsibilities:
- Conduct thorough threat modelling, risk assessments and vulnerability scanning of web applications, mobile and desktop apps, APIs, infrastructure, and other systems
- Identify and exploit vulnerabilities using various penetration testing tools, techniques, and methodologies (PTES, NIST 800-115, OWASP)
- Develop and maintain a comprehensive understanding of systems, including architecture, design patterns, and application logic
- Design and implement effective threat models to identify potential entry points for attackers using STRIDE and OWASP ASVS
- Automate testing by using and integrating tools such as vulnerability scanners, SAST, DAST, SCA and other relevant technologies including
- Collaborate with external penetration testing companies and clients to digest and review the risk of reports back to clients within their security requirements, and provide recommendations to internal stakeholders on implementing fixes for identified vulnerabilities
- Stay up to date with the latest threats, vulnerabilities, red teaming, and penetration testing techniques through ongoing training and professional development
- Manage and mentor a team of juniors and interns

Requirements:
- 5+ years of experience in penetration testing, with a strong focus on web applications, mobile and desktop apps, APIs, and infrastructure testing
- Willing to undergo background checks and security clearance
- Good level of Hindi and English, both spoken and written, at a bilingual or at least professional level; other languages at a bilingual/professional level, such as Arabic, Mandarin, French or German, highly preferred
- Experience with cloud-based infrastructure and services (AWS, Azure, Google Cloud), containers, k8s and virtual machines
- Proven expertise in threat modeling, automation of testing, and advanced techniques (e.g., exploit development, reverse engineering)
- OSCP or similar certification; GIAC Penetration Tester a plus
- Strong knowledge of web application security frameworks, such as OWASP
- Familiarity with mobile app security testing tools and techniques
- Experience with desktop application security testing, including reverse engineering and exploit development
- In-depth understanding of API security testing, including protocol analysis and exploitation
- Strong networking fundamentals, including TCP/IP, DNS, DHCP, etc.
- Proficiency in scripting languages, such as Python, Ruby, PowerShell
- Experience with agile development methodologies and collaboration tools like JIRA and their integrations
- Excellent communication, problem-solving, and analytical skills

Nice to Have:
- Familiarity with DevOps practices and security orchestration, automation, and monitoring (SOAM) tools
- Knowledge of containerization technologies (e.g., Docker) and container-based vulnerability testing
- Experience with OWASP ASVS and similar frameworks
- Knowledge of machine learning models and associated security issues, including implementation issues and bypassing of security restrictions

Asite
Ahmedabad, Gujarat, India
Salary: Not disclosed