About the role
Support and lead advanced manual penetration testing efforts across web, mobile, API, network, and thick client environments to identify security risks and provide actionable remediation guidance.
Key responsibilities
- Lead technical scoping and execution of penetration tests aligned with client requirements and architecture risk profiles.
- Perform thorough manual testing on diverse platforms including web applications, mobile apps, APIs, networks, and thick client applications.
- Analyze complex system architectures to identify vulnerabilities, validate findings, and distinguish true risks from false positives.
- Communicate results clearly through detailed technical reports and executive summaries, providing risk-based, practical remediation advice.
- Enhance testing methodologies, leverage automation and AI-assisted techniques, and conduct focused security research to improve testing effectiveness.
Required skills and experience
- Demonstrated expertise in manual penetration testing across web, mobile, API, network, and thick client domains.
- Proficient with industry-standard security tools such as Burp Suite, OWASP ZAP, Metasploit, Postman, Swagger, Nmap, Qualys, SQLMap, and experienced with Kali Linux or similar platforms.
- Strong understanding of common vulnerabilities, attack methods, architectural security principles, and remediation strategies.
- Working knowledge of at least one scripting language (Python, Bash, or PowerShell) and one programming language with framework experience to support application testing.
- Excellent communication skills to effectively explain technical findings to both technical and non-technical stakeholders.
- Experience collaborating with diverse, multinational teams and managing multiple assignments with sound prioritization and time management.
Nice to have
- Familiarity with OWASP Top 10 categories (including API, Thick Client, and LLM security), MITRE ATT&CK framework, and cloud service testing.
- Exposure to reverse engineering and to static and dynamic application security testing (SAST/DAST).
- Relevant certifications such as OSCP, OSWE, OSEP, GPEN, GWAPT, GMOB, eCPPT, or equivalent.
- Experience with AI-assisted penetration testing workflows, security assessments of LLM-enabled applications, and offensive security automation.
Location
Hyderabad, India