Sr. Information Security Consultant

Position:

Location:

Experience:

Company Profile:

Tinycrows Private Limited is a budding cybersecurity firm working with BFSI, fintech, and technology-driven enterprises dedicated to helping these businesses protect their digital assets and mitigate risks. At Tinycrows, we follow a 'shift left' cybersecurity approach to fortify the security of products. Our team of trusted professionals, with experience from top consulting firms like Microsoft and Deloitte, design robust security solutions for various industries. We have a proven track record of implementing cybersecurity best practices for startups and large organizations, ensuring digital assets remain secure in today's threat landscape.

Role Description

Web

Key Responsibilities

• Execute in-depth security assessments and 

  Manual penetration testing

   of web and mobile applications.
• Perform 

  secure code reviews

   to identify flaws across various tech stacks (e.g., JavaScript, Java/Kotlin, Swift, Python).
• Contribute to the 

  automation and enhancement of internal testing frameworks

  , reporting tools, and reusable AppSec methodologies.
• Leverage tools such as Burp Suite Pro, nmap, slmap, MobSF, Frida, Objection, Jadx, APKTool, and others as part of testing workflows.
• Collaborate cross-functionally with developers, DevOps, and product teams to embed security across the SDLC.
•  Support and guidance to CISO, CIO and Product Team functions providing security reviews for prospective products and services.
•   Transfer of residual risks to the business/customer as required by the Client’s risk management framework.
•  Collaboration with stakeholder and IT teams to support incident response and investigations using their knowledge of the technology systems sharing security insights.
•  Seek out, build and maintain trusting relationships and partnerships with internal and external stakeholders in order to accomplish key business objectives, using influencing and negotiating skills to achieve outcomes.
• Support 

  Red Teaming engagements

  , including reconnaissance, initial access, and 

  Active Directory exploitation techniques

   (e.g., Kerberoasting, ACL abuse, lateral movement).
• Deliver detailed technical findings and clear, actionable remediation guidance to both technical and non-technical stakeholders.

Key Skills

• Practical experience in web and mobile application security testing, including real-world vulnerability exploitation and security implementation.
• Strong proficiency with offensive security tools such as Burp Suite Pro, nmap, sqlmap, MobSF, Frida, Objection, etc.
• Understanding of common vulnerabilities and standards (e.g., OWASP Top 10, CWE, MITRE ATT&CK).
• Basic experience with cloud security reviews, particularly for AWS, Azure, or GCP-hosted environments.
• Familiarity with secure development practices, modern CI/CD pipelines, and DevSecOps integration.
• Excellent verbal and written communication skills, with the ability to clearly explain technical findings to diverse audiences.
• Comfortable working independently in a fast-paced, highly technical environment.
• Excellent written and verbal communication skills along with the ability to work independently and remotely
• Current with the evolving threat landscape, emerging tools, and industry best practices in application security.

Preferred Qualifications

•  Formal Cyber Security qualification e.g. Degree/Masters or a well-recognized certification.
• Exposure to 

  Red Teaming techniques

  , 

  Active Directory attack paths

  , and post-exploitation tooling (e.g., BloodHound, Rubeus, SharpHound).
• Experience developing custom scripts or automation tooling using 

  Python

  , 

  Bash

  , or 

  PowerShell

  .
• Familiarity with SAST/DAST tools and API security testing methodologies.

Preferred Certifications

•   Industry certifications such as 

  OSCP

  , 

  OSEP

  , 

  CRTP, eMAPT

   are a strong plus

Perks of Joining Tinycrows

If you value growth, ownership, and learning over just stability and routine, a start-up can be the perfect place for you because at Tinycrows, we deal with real problems, fast pivots, and innovation — you learn by doing, not just following manuals and your work directly shapes the company’s success and culture — you’re not “just a cog in the wheel”. You get exposure to latest technologies, regulatory frameworks, and client-facing challenges. You get more autonomy, creativity, and ownership of projects, apart for this you also get:

• Opportunity to be part of the core founding team and contribute to building security from the ground up.
• Close collaboration with founders and key stakeholders (CISOs, CTOs, engineering leaders) ensuring your work directly influences strategic decisions.
• Fast-paced, agile environment where innovation and curiosity are encouraged.
• End-to-end ownership of security assessments, tooling, and strategy.
• Steep learning curve with exposure to a wide variety of technologies and attack surfaces. Great opportunities to expand your role and accelerate your career path.
• Collaborative team culture with support for skill-building and certifications.

This role requires the individual to work at the client’s site. Therefore, working days, hours and holidays will be defined by the client.