486 Penetration Tester jobs in India

Job Purpose

As a Senior Penetration Tester, your primary role is to assess and enhance the security of our information systems, networks, and applications through comprehensive penetration testing and vulnerability assessments. You will work closely with our internal product teams to identify weaknesses in their systems and provide actionable recommendations for improvement. Your expertise will help safeguard sensitive data and protect our customers from potential cyber threats. Additionally, you will be responsible for coordinating penetration tests with third-party vendors when required.

Duties and Responsibilities

o Conduct penetration tests on a wide range of digital products, including networks, web, and mobile applications, to identify vulnerabilities and security weaknesses.

o Collaborate with internal product teams to understand their set-ups, goals, and constraints.

o Effectively communicate findings and solutions to technical and non-technical stakeholders.

o Prepare detailed and clear reports documenting findings, reproduce steps, and recommended remediation steps, ensuring the internal product teams understand the security implications.

o Work with cross-functional teams, including security engineers and developers to help them to implement security measures and resolve identified vulnerabilities.

o When your schedule is constrained, coordinate, and manage penetration tests with third-party vendors, ensuring high-quality and timely delivery.

o Contribute to the development and improvement of our testing methodologies, processes, and tools.

o Stay up to date with the latest threats, vulnerabilities, and exploits and develop new testing techniques as necessary.

o Conduct security tests based on products security requirements.

o

Authorities

o Authorized to conduct penetration tests and security tests on selected digital products.

o Authorized to make recommendations for remediation actions based on test results.

o Authorized to engage with internal product teams to discuss findings and recommendations.

o Authorized to coordinate and manage penetration tests with third-party vendors if needed.

Qualifications

o Bachelor’s degree in computer science/engineering, information security, or a related field.

o Proven experience in penetration testing, vulnerability assessment, and security testing with a minimum of 8 years in a similar role.

o Proven track record of conducting successful penetration tests for a variety of organizations and industries.

o Industry-recognized certifications such as Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN) certifications, or similar qualifications are highly desirable.

o Demonstrated experience in vulnerability research (e.g., CVEs) is a plus.

o Experience in designing, developing, and executing customized penetration testing methodologies.

o Familiarity with various tools and frameworks used in penetration testing, such as Metasploit, Burp Suite, Nessus, Nmap etc.

o Strong knowledge of operating systems (Windows, Linux, and mobile platforms), databases, and web technologies.

o A deep understanding of common security protocols and technologies, including firewalls, intrusion detection/prevention systems, SSL/TLS.

o Programming skills and experience with languages such as Bash, Python, and PowerShell

o The ability to provide clear, comprehensive, and actionable reports on penetration test findings, including recommendations for remediation.

o Exceptional written and verbal communication skills to effectively convey technical information to both technical and non-technical stakeholders.

Penetration Testers - Junior and Senior/Lead

Location:

In Office, Ahmedabad, Gujarat, India (not remote)

Full-time

Salary: Up to ₹12.5L (1,250,000) INR per year for Senior/Lead

Must undergo background check and security clearance

Candidates must already have the right to work and live in India

About Asite

Asite’s vision is to connect people and help the world build better.

Asite’s platform enables organizations working on large capital projects to come together, plan, design, and build with seamless information sharing across the entire supply chain.

Asite SCM is our supply chain management solution, which helps owners and Tier-1 contractors to integrate and manage their extended supply chain for delivering on capital projects.

Asite PPM is our project portfolio management solution, which gives you and your extended supply chain shared visibility of your capital projects through one common data environment.

Together they enable organizations to build digital engineering teams that can deliver digital twins and just plain build better.

The company is headquartered in UK (London) and has regional offices in US (New York and Houston), UAE (Dubai), Australia (Sydney), China (Hong Kong) and India (Ahmedabad).

Job Summary:

We are seeking two Penetration Testers - Junior and Senior/Lead - to join our team of security professionals.

As a senior/lead penetration tester, you will be responsible for conducting comprehensive penetration testing on web applications, mobile and desktop apps, APIs, infrastructure, and other systems such as IoT devices.

You will utilize your expertise in threat modelling, automation of testing, and advanced techniques to identify vulnerabilities and provide actionable recommendations to improve the overall security posture of Asite SDLC and systems.

You will manage a small team that you also must mentor and guide in the best practices and help grow at both professional and managerial level.

You’ll report to the Information Security Officer ME & APAC based in India) and to the CISO (based in London)

You must have a passion for knowledge sharing and continuous learning.

You are willing to undergo background checks and Security Clearance.

Key Responsibilities:

• Conduct thorough threat modelling, risk assessments and vulnerability scanning of web applications, mobile and desktop apps, APIs, infrastructure, and other systems
• Identify and exploit vulnerabilities using various penetration testing tools, techniques, and methodologies – PTES, NIST 800-115, OWASP
• Develop and maintain a comprehensive understanding of systems, including architecture, design patterns, and application logic
• Design and implement effective threat models to identify potential entry points for attackers using STRIDE and OWASP ASVS
• Automate testing using tools and integrating them such as vulnerability scanners, SAST, DAST, SCA and other relevant technologies including
• Collaborate with external penetration testing companies and clients to digest and review the risk of reports back to clients within their security requirements, provide recommendations to implement fixes to address identified vulnerabilities to internal stakeholders
• Stay up to date with the latest threats, vulnerabilities, red teaming, and penetration testing techniques through ongoing training and professional development
• Manage and mentor a team of juniors and interns.

Requirements:

7+ years of experience in penetration testing, with a strong focus on web applications, mobile and desktop apps, APIs, and infrastructure testing.

Willing to undergo background checks and security clearance.

Good level of Indi and English both spoken or written to a bilingual or at least Professional level, other languages at a bilingual/Professional level such as Arabic, Mandarin, French or German highly preferred.

Experience with cloud-based infrastructure and services - AWS, Azure, Google Cloud – containers, k8s and virtual machines.

Proven expertise in threat modelling, automation of testing, and advanced techniques (e.g., exploit development, reverse engineering)

OSCP or similar certification, GIAC Penetration Tester a plus

Strong knowledge of web application security frameworks, such as OWASP

Familiarity with mobile app security testing tools and techniques

Experience with desktop application security testing, including reverse engineering and exploit development

In-depth understanding of API security testing, including protocol analysis and exploitation.

Strong networking fundamentals, including TCP/IP, DNS, DHCP, BGP, etc.

Proficiency in scripting languages, such as Python, Ruby, PowerShell

Experience with agile development methodologies and collaboration tools like JIRA and their integrations

Excellent communication, problem-solving, and analytical skills

Nice to Have:

Familiarity with DevOps practices and security orchestration, automation, and monitoring (SOAM) tools

Knowledge of containerization technologies (e.g., Docker) and container-based vulnerability testing

Experience with OWASP ASVS and similar frameworks

Knowledge of machine learning models and associated security issues at the implementation and bypassing security restrictions.

Using API’s to automate work and systems along with reporting.

What We Offer:

Competitive salary and benefits package.

Opportunities for professional growth and development in a fast-paced and innovative environment

Collaborative team culture that values open communication, mutual respect, and teamwork

Access to cutting-edge security technologies and tools

Flexible work arrangements, including remote work options

If you are a motivated and experienced penetration tester looking for new challenges and opportunities, we encourage you to apply!

Join and help build a better, more efficient, safer and more secure world.

Skills Required:

Web Application PT -Must have

Application Security assessment- Must have

Mobile PT- Good to have

Cloud Must (knowledge + understanding of Azure and AWS)

Red Team Activities- Must

Active Directory PT -Must

Network & Infrastructure PT -Must have (protocols, Windows, Linux)

Firewall testing/auditing- Must

Citrix Pen testing- Good to have

Networking equipment- Must (routers, switchers, load balancers, how to attack them + common weaknesses)

Agile Process & Communication Good to have (it is essential that the candidate has good communication/interpersonal skills)

Certifications Completed or Optional OSCP, CPSA, CRT, CRTP, CEH (All good to have but not essential. I prefer practical knowledge than certifications)

• Perform network, web application, and mobile application penetration tests.
• Identify, analyze, and report on security vulnerabilities found during testing.
• Develop clear and concise reports detailing findings, risks, and remediation recommendations.
• Collaborate with development and operations teams to provide guidance on fixing identified vulnerabilities.
• Stay up-to-date with the latest penetration testing techniques, tools, and methodologies.
• Conduct security assessments and code reviews where necessary.
• Assist in developing and refining penetration testing strategies and procedures.
• Participate in post-test remediation verification.
• Maintain accurate documentation of all testing activities and results.
• Contribute to the continuous improvement of the information security program.