Web Application Penetration Testing

Roles & responsibilities

Manage cyber threat management projects and lead day-to-day

red team operations.

Plan, scope and conduct complex red team engagements:

external/internal network, Active Directory, cloud

(AWS/Azure/GCP), web & API, mobile backends, and

physical/social engineering components (phishing, vishing,

in-person tests).

Conduct comprehensive web & API testing: reconnaissance,

authenticated/unauthenticated testing, injection flaws

(SQLi/NoSQLi), RCE, SSRF, XSS, IDOR, broken

authentication/authorization, logic flaws, insecure deserialization,

unsafe file uploads and API misconfigurations; chain findings into

host footholds.

Conduct network & infrastructure testing: perimeter and internal

assessments, host/service enumeration, CVE-based exploitation,

pivoting, lateral movement, privilege escalation, persistence and

attack path mapping.

Execute Active Directory compromise exercises: Kerberos

abuse, Golden/Silver Ticket, ACL abuse, user/group privilege

escalation and Group Policy weaknesses.

Simulate stealthy adversary tradecraft (MITRE ATT&CK)

including OpSec, EDR/AV evasion, SIEM evasion and covert

payload delivery (HTML smuggling, advanced delivery chains).

Design, develop and customize offensive tooling and exploits;

maintain red team infrastructure (C2, payloads, automation).

Conduct cloud adversarial simulations: identity abuse,

misconfiguration chaining, and privilege escalation across cloud

services.

Plan and run social engineering campaigns and measure human

susceptibility; craft realistic pretexts using OSINT

Come as

you are

at KGS

As a firm, we are deeply

committed to diversity,

inclusion and equity at our

workplace. We offer a safe

and inclusive environment

built on trust, where all our

colleagues can bring their

authentic selves to work

and know that their

uniqueness is valued.

We prohibit unfair

treatment of applicants and

employees and

discrimination on any

ground, including but not

limited to, caste, religion,

color, ancestry, marital

status, medical condition,

sex, gender identity and/or

expression, sexual

orientation, age,

nationality, cultural origin,

family or parental status,

defense veterans,

physical, mental or

sensory disability or any

other status or

characteristic protected by

applicable Indian laws and

regulations.

Mandatory technical &

functional skills

Conduct red team exercises to evaluate and enhance the

organization's security posture. These exercises simulate

real-world attack scenarios to identify areas of weakness and

improve defenses.

Key activities include planning and executing simulated

attacks, analyzing security gaps, and providing actionable

recommendations for remediation

4+ years of professional experience in cybersecurity, with a

focus on Web application penetration testing.

Strong background in cybersecurity with a focus on

penetration testing.

Experience in Web and Network PT.

Relevant certifications such as OSCP, CRTP,CRTO.

Proficient in threat modeling and vulnerability exploitation

techniques.

Excellent analytical and problem-solving skills.