About Apphaz
Apphaz Security Solutions specializes in Penetration Testing as a Service (PTaaS), helping organizations identify and prioritize vulnerabilities to enhance remediation efficiency. We combine advanced manual testing techniques with enterprise-grade automated tools through our in-house Apphaz ScanEngine platform to deliver comprehensive security assessments. Our approach aligns with globally recognized standards and frameworks such as MITRE ATT&CK, the NIST Cybersecurity Framework, the OWASP Top 10, and ASVS, and includes business logic testing, ensuring actionable and risk-driven insights.
Role Overview
We are seeking a Security Consultant (Penetration Testing) with 3–5 years of hands-on experience in offensive security to join our Ahmedabad team. This is a hands-on, client-facing role focused on executing end-to-end penetration testing engagements, identifying exploitable vulnerabilities, and delivering practical remediation guidance across applications, APIs, infrastructure, and cloud environments.
Key Responsibilities
- Perform penetration testing across web applications, mobile applications, APIs, networks, systems, and cloud environments
- Identify, validate, and exploit vulnerabilities to simulate real-world attack scenarios
- Conduct black-box and gray-box security assessments
- Analyze complex security issues including business logic vulnerabilities
- Prepare detailed technical and executive reports with clear risk prioritization
- Provide actionable remediation recommendations to clients
- Collaborate with clients to improve their overall security posture
- Contribute to improving internal methodologies and the Apphaz ScanEngine platform
- Stay updated with the latest security threats, tools, and techniques
Required Skills & Experience
- 3–5 years of hands-on experience in penetration testing, offensive security, or security consulting
- Strong expertise in application security, API security, network security, and infrastructure testing
- Solid understanding of OWASP Top 10, ASVS, MITRE ATT&CK, and NIST Cybersecurity Framework
- Proficiency with tools such as Burp Suite, Nmap, Metasploit, and OWASP ZAP
- Ability to clearly communicate technical findings to clients
Preferred Qualifications
- Certifications such as OSCP, OSWE, CEH or equivalent
- Experience in business logic testing, red teaming, and adversary simulation
- Exposure to cloud security assessments across AWS, Azure, or GCP
What We Offer
- Opportunity to work on real-world, high-impact security engagements
- Exposure to diverse clients and modern technology environments
- A strong blend of consulting and product-driven security through PTaaS and ScanEngine
- High ownership, learning, and growth opportunities
- A collaborative and technically strong team environment