Security Test Engineer – Mobile & Web PenTesting
ITG – CDF, Mumbai | BNP Paribas India Solutions
About BNP Paribas
BNP Paribas is Europe's leading bank and a global financial-services powerhouse, present in 65 countries with 185 k employees. Our India Solutions division (Bengaluru, Chennai & Mumbai) delivers 24×7 technology services to the Group's Corporate & Institutional Banking, Investment Solutions and Retail Banking businesses.
We champion diversity, inclusion and continuous learning – and we're looking for a hands-on security specialist to join our testing team.
About the Role
As a Security Test Engineer you will lead mobile, web and API security assessments for the Group's applications. You'll combine manual pentesting, static/dynamic analysis, reverse-engineering and threat research to discover, validate and communicate vulnerabilities that could impact our clients and brand.
Responsibilities:
- Perform end-to-end penetration tests (gray-box & black-box) on web, mobile (Android & iOS), API and thick-client applications.
- Conduct static (SAST) and dynamic (DAST) analysis of APKs/IPA files to uncover insecure storage, hardcoded secrets, misconfigurations, runtime hooking, parameter tampering, etc.
- Reverse-engineer and bypass client-side protections – decompile binaries, analyze native libraries (.so/.dylib), defeat root/jailbreak detection, SSL-pinning, obfuscation and tamper checks using tools such as Frida, Objection, Magisk, Xposed, etc.
- Define test scope, design security scenarios and document findings in clear, reproducible reports.
- Collaborate with developers to explain vulnerabilities, suggest remediations and ensure fixes are verified.
- Escalate blocker issues to local and onshore stakeholders while adhering to testing processes and timelines.
- Keep up-to-date with the latest mobile threat landscape and industry standards (OWASP MASVS/MASTG, OWASP Top 10) and share knowledge within the team.
Required Skills & Experience
- Minimum 5 years of hands-on mobile (Android & iOS) and web penetration testing.
- Strong understanding of OWASP Top 10 and mobile security standards (MASVS/MASTG).
- Proficiency with tools such as Burp Suite, OWASP ZAP, Kali Linux, MobSF, jadx, apktool, Frida, Objection, adb, Xcode, etc.
- Solid reverse-engineering experience (binary inspection, native library analysis).
- Excellent written and verbal communication – ability to produce clear, actionable reports.
- Strong analytical, time-management and teamwork skills; self-motivated and independent.
Nice-to-have
- Experience with source-code assessment (SCA/SAST).
- Familiarity with CI/CD security integrations or cloud-native testing (AWS/Azure).
- Certifications such as OSCP, OSCE, CSSLP, CEH (preferred).
Education – Bachelor's degree (or equivalent) in Computer Science, Information Security, Engineering or a related field.
What We Offer
- Competitive salary and performance-based bonus.
- Comprehensive health, life and disability coverage plus retirement benefits.
- Flexible working hours and a modern Mumbai office with hybrid options after onboarding.
- Continuous learning – access to certifications, training labs, conferences and internal knowledge-sharing sessions.
- A diverse, inclusive culture where you can bring your whole self to work.
BNP Paribas India Solutions is an equal-opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.