Job Summary
Experience:
3.00 - 5.00 Years
Industrial Type:
IT-Software/Software Services
Location:
Mumbai
Functional Area:
IT Software - Network Administration / Security
Designation:
Penetration Tester
Key Skills:
(Penetration OR VAPT OR VA/PT) AND (Tester OR Testing)
Educational Level:
Graduate/Bachelors
Job Post Date:
2026-06-09 15:08:10
Stream of Study:
Degree:
BCA, BE-Comp/IT, BE-Other, BSc-Comp/IT, BSc-Other, BTech-Comp/IT, BTech-Other, MCA, ME-Comp/IT, ME-Other, MSc-Comp/IT, MSc-Other, MTech-Comp/IT, MTech-Other
Company Description
Our Company is the latest addition as an IT outsourcing provider for Group Worldwide. Supported by Companies Group, an 18 billion Euro organization operating in over 25 countries, the company aims to offer technology services to the group. In the near future, Our Company will drive its digital ambitions and establish offshore development centres in various cities across the country. Our Company will also focus on developing expertise and offering career opportunities in a wide range of technologies within the insurance sector.
Job Description
Work Location: Mumbai (Powai Hiranandani)
This is a 5-day working week, work-from-office role.
Key Competencies & Skills required:
• Strong understanding of:
  ◦ OWASP based vulnerabilities, including Web Application, API and LLM
  ◦ Common attack chains from reconnaissance through exploitation
  ◦ Authentication, authorization, session handling, and access control weaknesses
  ◦ Cloud Security fundamentals, including identity, networking and security controls
• Solid knowledge of:
  ◦ Linux and Windows systems
  ◦ Networking fundamentals (TCP/IP, DNS, routing, firewalls, AD concepts)
  ◦ AI System Architectures
• Experience using common security testing tools such as:
  ◦ Burp Suite / ZAP
  ◦ Network scanners and enumeration tools
• Ability to write or adapt scripts for testing or exploitation (e.g., Python, Bash, PowerShell)
Reporting & Communication
• Very good written and spoken English (mandatory)
• Ability to clearly explain security findings to technical and non-technical stakeholders
Nice to have:
• At least one relevant security certification is highly preferred, such as:
  ◦ OSCP
  ◦ GWAPT / GPEN
  ◦ Comparable hands-on penetration testing certifications
Minimum Educational Qualification:
• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience)
• Candidates with a non-computer-science degree must have a minimum of 1 year of relevant experience
Certification if any:
• One or more certifications in information security: CEH / OSCP / GWAPT / GPEN
Key Accountabilities & Responsibilities:
Penetration Testing Execution
• Execute application VAPTs (web, API, mobile, desktop, infrastructure-adjacent and cloud components) using manual techniques and supporting tools
• Execute network penetration tests following standardized test cases and methodologies
• Perform cloud security assessments, including:
  ◦ Review and testing of cloud environments
  ◦ Identification of cloud misconfigurations, excessive permissions, insecure identities, exposed services, and weak security controls
• Perform security assessments of applications and platforms that incorporate AI, machine learning, or LLM-based components
• Perform reconnaissance, vulnerability identification, exploitation, and validation using attacker-based techniques
• Select appropriate test depth based on scope, asset criticality, and findings discovered during testing
Reporting & Documentation
• Produce clear, structured, English-language penetration test reports, including AI-related findings where applicable, with:
  ◦ Reproducible evidence (screenshots, request/response samples, payloads, logs, scripts)
  ◦ Accurate risk ratings aligned with CVSS and internal rating models
  ◦ Actionable remediation guidance tailored to development, infrastructure, or AI engineering teams
• Document findings in centralized tooling (e.g., vulnerability or risk tracking systems) and support remediation tracking
Collaboration & Process Adherence
• Work closely with:
  ◦ IT Product Managers and application owners
  ◦ Infrastructure, network, and platform teams
  ◦ Security architecture and IT Security officer stakeholders
• Support test scoping activities, including identifying AI or LLM components that fall within testing scope
• Strictly follow internal penetration testing processes, reporting standards, and quality expectations
Continuous Improvement
• Stay current with:
  ◦ Emerging application, network, and AI-specific attack techniques
  ◦ Using AI to increase productivity
• Contribute to the evolution of internal testing approaches as AI-enabled systems become more common


