Role & Responsibilities
- 3+ years of total experience, with hands-on penetration testing and application security work across web portals, mobile apps, and APIs, focused on transaction-intensive platforms.
- Proven track record of identifying and helping remediate critical vulnerabilities in at least one Government/PSU or equivalent high-scale procurement/financial system or audit.
- Deep understanding of e-procurement/marketplace fraud patterns (e.g., bid manipulation, price tampering, forged bids, multi-account collusion, transaction replay, audit trail manipulation).
- Perform controlled attempts to breach or misuse functional flows; verify enforcement of business rules, access controls, and data validations; and confirm secure, fail-safe handling of errors, concurrency, and integration failures.
- Proven expertise in simulating fraud scenarios to identify how buyers/sellers may attempt to manipulate procurement workflows, e.g., bid rigging, price tampering, replay attacks, fake approvals, or bypassing maker-checker controls.
- Strong skills in authentication, session/token security, replay-attack testing, API penetration, input manipulation, and fraud simulation, with the ability to state the business impact of each exploit (financial loss, unfair deal awards, reputational risk).
- Proficient in security tools such as Burp Suite, OWASP ZAP, Kali Linux, and Metasploit, combined with custom scripting for attack simulation.
- Education/Certifications: Bachelor's in Engineering/IT or equivalent (B.Tech/BE/MCA).
- Mandatory Certification: At least one advanced security credential such as OSCP, OSWE, CEH Practical, or CREST.
Ideal Candidate
- Strong Application Security / Penetration Testing Profiles
- Mandatory (Experience 1): Must have 3+ years of total experience in Penetration Testing / Vulnerability Assessment, with hands-on experience across web applications, mobile apps, and APIs, especially on transaction-intensive platforms.
- Mandatory (Experience 2): Must have strong hands-on experience in business logic testing and fraud simulation, including scenarios such as bid manipulation, price tampering, replay attacks, fake approvals, and maker-checker bypass.
- Mandatory (Skills 1): Proficiency in security testing tools such as Burp Suite, OWASP ZAP, Kali Linux, and Metasploit, and the ability to write custom attack scripts.
- Mandatory (Skills 2): Strong expertise in authentication, session/token security, API penetration, input manipulation, and fraud simulation, with the ability to state the business impact of each exploit (financial loss, unfair deal awards, reputational risk).
- Mandatory (Education): Bachelor's in Engineering/IT (B.Tech/BE) or MCA.
- Mandatory (Certification): At least one advanced security credential: OSCP, OSWE, CEH Practical, or CREST.
- Preferred: Proven track record of identifying and helping remediate critical vulnerabilities in at least one Government/PSU or equivalent high-scale procurement/financial system.
Skills: testing, fraud, penetration testing, procurement, security