VAPT / Security Tester

We are seeking a highly skilled Senior Penetration Tester to join our cybersecurity team. The ideal candidate will have extensive experience in penetration testing of web and mobile applications and be proficient in identifying, exploiting, and reporting security vulnerabilities. This role requires a deep understanding of security best practices, risk assessment methodologies, and compliance standards.

Key Responsibilities:

1. Perform penetration testing on web and mobile applications, APIs, and cloud-based environments.
2. Identify and exploit security vulnerabilities using industry-standard tools and manual testing techniques.
3. Generate detailed security assessment reports with remediation recommendations.
4. Work closely with developers, DevOps, and security teams to ensure vulnerabilities are properly mitigated.
5. Conduct threat modeling and risk assessments to proactively enhance application security.
6. Stay updated with the latest cybersecurity trends, attack techniques, and vulnerabilities.
7. Contribute to the development and enhancement of internal security testing methodologies and tools.
8. Provide technical guidance and mentorship to junior team members.
9. Support compliance efforts by aligning security tests with industry standards (OWASP, NIST, ISO 27001, etc.).

Required Skills & Experience:

1. 3 to 6 years of hands-on experience in penetration testing of web and mobile applications.
2. Strong understanding of OWASP Top 10 vulnerabilities and mitigation techniques.
3. Proficiency with penetration testing tools such as Burp Suite, ZAP, Metasploit, Nmap, Kali Linux, MobSF, Frida, etc.
4. Experience with static and dynamic analysis tools for mobile and web applications.
5. Knowledge of secure coding practices and the ability to review application source code for vulnerabilities.
6. Familiarity with API security testing (REST, GraphQL, SOAP).
7. Experience with Android and iOS security testing, including reverse engineering and bypassing security controls.
8. Hands-on experience with scripting languages like Python, Bash, or PowerShell.
9. Understanding of cloud security risks (AWS, Azure, GCP) and cloud penetration testing methodologies.
10. Strong report-writing skills with the ability to communicate technical findings to both technical and non-technical stakeholders.
11. Preferred Qualifications:
12. Relevant certifications e.g., OSCP, OSWE, GPEN, GWAPT, CEH(practical), CISSP.
13. Experience with CI/CD security testing and DevSecOps practices.
14. Familiarity with mobile app development frameworks and their security implications.

Candidate - Pune Maharashtra India

Working mode - Work from Office