4,113 Ethical Hacking jobs in India

Penetration Testers - Junior and Senior/Lead

Location:

In Office, Ahmedabad, Gujarat, India (not remote)

Full-time

Salary: Up to ₹12.5L (1,250,000) INR per year for Senior/Lead

Must undergo background check and security clearance

Candidates must already have the right to work and live in India

About Asite

Asite’s vision is to connect people and help the world build better.

Asite’s platform enables organizations working on large capital projects to come together, plan, design, and build with seamless information sharing across the entire supply chain.

Asite SCM is our supply chain management solution, which helps owners and Tier-1 contractors to integrate and manage their extended supply chain for delivering on capital projects.

Asite PPM is our project portfolio management solution, which gives you and your extended supply chain shared visibility of your capital projects through one common data environment.

Together they enable organizations to build digital engineering teams that can deliver digital twins and just plain build better.

The company is headquartered in UK (London) and has regional offices in US (New York and Houston), UAE (Dubai), Australia (Sydney), China (Hong Kong) and India (Ahmedabad).

Job Summary:

We are seeking two Penetration Testers - Junior and Senior/Lead - to join our team of security professionals.

As a senior/lead penetration tester, you will be responsible for conducting comprehensive penetration testing on web applications, mobile and desktop apps, APIs, infrastructure, and other systems such as IoT devices.

You will utilize your expertise in threat modelling, automation of testing, and advanced techniques to identify vulnerabilities and provide actionable recommendations to improve the overall security posture of Asite SDLC and systems.

You will manage a small team that you also must mentor and guide in the best practices and help grow at both professional and managerial level.

You’ll report to the Information Security Officer ME & APAC based in India) and to the CISO (based in London)

You must have a passion for knowledge sharing and continuous learning.

You are willing to undergo background checks and Security Clearance.

Key Responsibilities:

• Conduct thorough threat modelling, risk assessments and vulnerability scanning of web applications, mobile and desktop apps, APIs, infrastructure, and other systems
• Identify and exploit vulnerabilities using various penetration testing tools, techniques, and methodologies – PTES, NIST 800-115, OWASP
• Develop and maintain a comprehensive understanding of systems, including architecture, design patterns, and application logic
• Design and implement effective threat models to identify potential entry points for attackers using STRIDE and OWASP ASVS
• Automate testing using tools and integrating them such as vulnerability scanners, SAST, DAST, SCA and other relevant technologies including
• Collaborate with external penetration testing companies and clients to digest and review the risk of reports back to clients within their security requirements, provide recommendations to implement fixes to address identified vulnerabilities to internal stakeholders
• Stay up to date with the latest threats, vulnerabilities, red teaming, and penetration testing techniques through ongoing training and professional development
• Manage and mentor a team of juniors and interns.

Requirements:

7+ years of experience in penetration testing, with a strong focus on web applications, mobile and desktop apps, APIs, and infrastructure testing.

Willing to undergo background checks and security clearance.

Good level of Indi and English both spoken or written to a bilingual or at least Professional level, other languages at a bilingual/Professional level such as Arabic, Mandarin, French or German highly preferred.

Experience with cloud-based infrastructure and services - AWS, Azure, Google Cloud – containers, k8s and virtual machines.

Proven expertise in threat modelling, automation of testing, and advanced techniques (e.G., exploit development, reverse engineering)

OSCP or similar certification, GIAC Penetration Tester a plus

Strong knowledge of web application security frameworks, such as OWASP

Familiarity with mobile app security testing tools and techniques

Experience with desktop application security testing, including reverse engineering and exploit development

In-depth understanding of API security testing, including protocol analysis and exploitation.

Strong networking fundamentals, including TCP/IP, DNS, DHCP, BGP, etc.

Proficiency in scripting languages, such as Python, Ruby, PowerShell

Experience with agile development methodologies and collaboration tools like JIRA and their integrations

Excellent communication, problem-solving, and analytical skills

Nice to Have:

Familiarity with DevOps practices and security orchestration, automation, and monitoring (SOAM) tools

Knowledge of containerization technologies (e.G., Docker) and container-based vulnerability testing

Experience with OWASP ASVS and similar frameworks

Knowledge of machine learning models and associated security issues at the implementation and bypassing security restrictions.

Using API’s to automate work and systems along with reporting.

What We Offer:

Competitive salary and benefits package.

Opportunities for professional growth and development in a fast-paced and innovative environment

Collaborative team culture that values open communication, mutual respect, and teamwork

Access to cutting-edge security technologies and tools

Flexible work arrangements, including remote work options

If you are a motivated and experienced penetration tester looking for new challenges and opportunities, we encourage you to apply!

Join and help build a better, more efficient, safer and more secure world.

Life on the team

A highly skilled and motivated Penetration Tester to join our dynamic cybersecurity team. In this role, you will be responsible for identifying vulnerabilities in our systems, applications, and networks through various penetration testing methodologies. You will play a critical role in strengthening our security posture and protecting our valuable assets from cyber threats.

What you’ll do

Core Responsibilities:

• Conduct comprehensive penetration tests: Execute internal and external network penetration tests, web application penetration tests, mobile application penetration tests, API penetration tests, cloud security assessments, and social engineering simulations.
• Vulnerability identification and analysis: Research, identify, and exploit security vulnerabilities in a variety of systems and applications.
• Red/Purple/Blue Teaming: participate in exercises with the goal of increasing cyber resilience for both offensive and defensive.
• Reporting and documentation: Prepare detailed and professional penetration test reports, including executive summaries, technical findings, risk ratings, and actionable recommendations for remediation.
• Collaboration and communication: Work closely with development, operations, and security teams to communicate findings, explain risks, and provide guidance on remediation strategies.
• Tooling and methodology enhancement: Continuously research and evaluate new penetration testing tools, techniques, and methodologies to improve testing efficiency and effectiveness.
• Security awareness: Contribute to the development and delivery of security awareness training for internal staff.
• Stay current: Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices.
• Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws.
• Ad-hoc security testing: Perform ad-hoc security assessments and provide expert advice on security-related matters as needed.

Critical Success Factors:

• Strong ethical hacking mindset: A genuine passion for breaking things and understanding how they work, coupled with an unwavering commitment to ethical conduct.
• Analytical and problem-solving skills: Ability to dissect complex systems, identify subtle vulnerabilities, and devise creative attack scenarios.
• Attention to detail: Meticulous in documenting findings and ensuring accuracy in reporting.
• Excellent communication skills: Ability to clearly and concisely communicate highly technical information to both technical and non-technical audiences, both verbally and in writing.
• Proactive and self-motivated: Ability to work independently and manage multiple projects simultaneously, demonstrating initiative and ownership.
• Adaptability and continuous learning: Eagerness to learn new technologies, tools, and methodologies in a rapidly evolving threat landscape.
• Results-oriented: Focus on delivering high-quality, impactful security assessments that drive tangible

What you’ll need

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• 10+ Years of experience
• OSCP, PNPT or equivalent certification
• At least three years’ experience working full-time as a penetration tester on the following areas as a minimum:
• Infrastructure
• Active Directory networks
• Web Application penetration testing
• Cloud security (Entra ID/Azure)
• (optional) IoT
• (optional) mobile
• (optional) physical security / social engineering
• Ability to develop custom tools, or adapt existing tooling for the task at hand
• (optional) public blogs, research or talks
• (optional) demonstrable experience contributing to open-source tools

Skills and Competencies

• Strong Knowledge in SIEM operations, Threat operations, security monitoring, SOC operations, ASM, incident response, and log management.
• Strong knowledge of tools and technologies such as MS Sentinel, ELM, SOAR, EDR solutions, and other SOC tooling.
• Familiarity with frameworks such as MITRE ATT&CK, NIST CSF, and ISO 27001.
• Exceptional leadership, communication, and stakeholder management skills.
• Participation and leading projects
• Full understanding of NIST 2 Domains and sub domains for SOC Operations
• CRTO, OSCE, OSEP, PEN-300, GXPN or equivalent certification (note: reasonable exceptions will be considered, e.G. years of experience, contribution to the field, etc.)
• At least five years' experience
• Coding experience
• Experience in training others, or managing teams

About the company

Lexitas is a high growth company. The Company is built on a belief that having strong personal relationships with our clients, and providing reliable, accurate and professional services, is the driving force of our success.

Lexitas offers an array of services including local and national court reporting, medical record retrieval, process service, registered agent services and legal talent outsourcing. Our reach is truly national as well as international.

Lexitas is a MNC Company that has set up a subsidiary in Chennai, India – Lexitas India Pvt. Ltd. This Indian company will be the Lexitas Global Capability Center, helping build a world class IT development team, and over time serve as a Shared Services hub for several of the corporate functions.

For More Information -

This is a Full-Time Job located in Chennai, India.

Summary:

This position supports information security, privacy, risk and compliance programs and activities under the direction of the VP of Information Security or designated Information Security Manager. The position assists in developing and maintaining a comprehensive security program for Lexitas. Providing functional and technical support is important to maintain security posture and protection of electronically and physically stored information assets across our systems. Tasks include supporting design, implementation, configuration, documentation, and maintenance to mitigate risk to the business and its computing resources and assets, as well as collaborating with applicable providers, managing and monitoring tools, and facilitating applicable processes and procedures.

Key Roles and Responsibilities :

• Supports IT security, privacy, risk and compliance systems, processes, supporting activities, with the ability to lead activities and programs.
• Monitors computer networks and associated tools and provider services for security, privacy, risk and compliance issues
• Supports the project management, tracking, and documentation of Information, Privacy, Risk, and Compliance programs, processes, and activities
• Investigate security breaches and cybersecurity incidents.
• Documents security breaches and assesses impact.
• Performs and/or supports security tests, risk assessments, and audits to uncover network, application, and process vulnerabilities and provides guidance and training to ensure violations do not persist.
• Tracks and facilitates the mitigation of vulnerabilities to maintain a high security standard.
• Supports best practices for IT security, privacy and compliance.
• Performs and supports 3rd party vulnerability management and penetration testing.
• Research security enhancements and makes recommendations to management.
• Stays current on information technology trends and security standards.
• Prepares reports that detail security, privacy, and compliance risk assessment findings.
• Supports Security Operations Center functions including monitoring and supporting Incident Response activities.
• Supports all related IT Security, Privacy, Risk and Compliance policies and provides guidance to the business.
• Other Information Security, Privacy, Risk, and Compliance duties as required.

Skills and Abilities:

• Experience with computer network and application vulnerability management and penetration testing, and techniques.
• Solid understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts
• Ability to identify and mitigate network and application vulnerabilities.
• Good understanding of patch management
• Proficient with various OS
• Excellent written and verbal communication skills
• Knowledge of firewalls, antivirus, and intrusion detection system concepts
• Ability to support and document areas of Information Security, Privacy, Risk, and compliance processes and programs.
• Ability to support incident response process.
• Experience directing 3rd Party providers in the areas of Information Security, Privacy, Risk and Compliance
• Support information security controls including physical and data security protecting the confidentiality, integrity and availability of information systems data.
• Preferred KSA’s:
• Strong working knowledge and experience with primary Information Security, Privacy, Risk, and compliance standards and frameworks such as NIST, SOC 2, HIPAA, PCI DSS, GDPR, etc.
• Experience administering information security software and controls.
• Experience supporting process for managing network and application security.
• Network and system administration experience a plus.
• Good understanding of Standard Information Security Baseline Frameworks, Business Continuity, and Disaster Recovery protocols and best practices.
• Exposure to ITIL (Incident/Change Management) – ITIL v3F preferred.
• Learns and monitors the business processes for the areas of primary support responsibility.
• Support annual Security Baseline Audits and execution of recommendations.
• As part of the technology team, performs “Help Desk” day-to-day tasks in support of Information Security, Privacy, Risk, and Compliance.

Education and Experience:

• Bachelor’s degree in computer science or related field strongly preferred.
• IAT Level-2 technical certification strongly preferred (Comp TIA Security+ or CISSP) or ability to obtain within first 90 days of hire.
• 5+ years’ experience performing role of Information Security Analyst or SOC
• Demonstrated experience in responding to, managing, and resolving security incidents.
• Experience with LAN/WAN networking concepts, IP addressing and routing concepts, Windows/Linux/Unix operating systems, Information Security concepts, and best practices.
• Experience with Windows/Linux/Unix operating systems, Information Security concepts, and best practices.
• Experience working with Security Information and Even Management (SIEM) system is a plus.

• Monitor security systems and analyze security alerts for potential threats.
• Investigate and respond to security incidents, including data breaches and unauthorized access.
• Perform vulnerability assessments and penetration testing to identify security weaknesses.
• Implement and maintain security controls and technologies (firewalls, IDS/IPS, SIEM).
• Develop and update security policies, procedures, and guidelines.
• Conduct security awareness training for employees.
• Collaborate with IT teams to ensure secure system configurations and deployments.
• Stay current with emerging cybersecurity threats and trends.
• Assist in the development and execution of incident response plans.
• Ensure compliance with relevant security regulations and standards.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 3+ years of experience in information security or cybersecurity operations.
• Proficiency in security monitoring tools and SIEM platforms.
• Strong understanding of network protocols, operating systems, and security best practices.
• Experience with vulnerability assessment and penetration testing methodologies.
• Knowledge of relevant security frameworks (e.g., NIST, ISO 27001).
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong communication and interpersonal abilities.
• Relevant security certifications (e.g., CompTIA Security+, CISSP) are a plus.

• Monitor security alerts and events from various security tools (SIEM, IDS/IPS, firewalls).
• Investigate potential security incidents, analyze their scope and impact, and implement containment and eradication strategies.
• Conduct vulnerability assessments and penetration testing to identify weaknesses in systems and applications.
• Develop and implement security policies, procedures, and guidelines to safeguard organizational assets.
• Manage and maintain security infrastructure, including firewalls, antivirus software, and intrusion detection systems.
• Perform regular security audits and compliance checks against relevant standards (e.g., ISO 27001, GDPR, HIPAA).
• Develop and deliver security awareness training programs for employees.
• Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and mitigation techniques.
• Assist in the development and maintenance of incident response plans and disaster recovery strategies.
• Collaborate with IT teams to ensure security is integrated into all aspects of system design and development.
• Manage user access controls and conduct regular reviews of privileges.
• Prepare reports on security status, incidents, and recommendations for management.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 3-5 years of experience in information security or a related IT security role.
• Strong understanding of cybersecurity principles, threats, and countermeasures.
• Experience with SIEM tools, vulnerability scanners, and network security devices.
• Knowledge of security frameworks and compliance standards.
• Excellent analytical, problem-solving, and investigative skills.
• Strong communication and interpersonal skills.
• Relevant security certifications such as CompTIA Security+, CEH, CISSP are a significant advantage.
• Ability to work effectively in a team environment.
• Prior experience working within the **Visakhapatnam, Andhra Pradesh, IN** region is preferred.

• Monitor security alerts and events from various security tools.
• Investigate and respond to security incidents in a timely and effective manner.
• Conduct vulnerability assessments and penetration testing.
• Analyze security logs and system configurations to identify potential threats.
• Develop and implement security policies, procedures, and guidelines.
• Provide security awareness training to employees.
• Recommend and implement security controls and countermeasures.
• Stay updated on emerging cybersecurity threats and trends.
• Collaborate with IT teams to ensure secure system configurations.
• Contribute to the development of incident response plans.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 3 years of experience in information security or cybersecurity roles.
• Proficiency with SIEM, IDPS, and EDR tools.
• Understanding of network security, endpoint security, and application security.
• Knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001).
• Experience with vulnerability scanning and penetration testing tools.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Relevant certifications such as CompTIA Security+, CEH, or CISSP are a plus.