172 Penetration Testing jobs in India

• Technical skills:
• Network penetration testing and manipulation of network infrastructure
• Mobile and/or web application assessments
• Email, phone social-engineering
• Shell scripting or automation of simple tasks using Python, Ruby, Bash and PowerShell
• Developing, extending, or modifying exploits, shellcode or exploit tools
• Strong knowledge of tools used for wireless, web application, and network security testing
• Knowledge of Unix/Linux/Mac/Windows operating systems
• Soft skills:
• Work both independently, as well as lead a team of technical testers on penetration testing and red team engagements.
• Perform in-depth analysis of red team engagements results and provide a detail report that describes findings, exploitation procedures, risks and recommendations.
• Execute penetration testing projects using the established methodology, tools and rules of engagements.
• Certifications
• OSWP, OSCP, GPYC, GPEN or other relevant certification that apply to this position

Summary
Position Summary
Analyst - Penetration Tester (Security Testing) - Deloitte Support Services India Pvt. Ltd.
Are you energized by helping organizations protect their data and build client trust? Do you want to work in one of the world's largest holistic internal cybersecurity organizations? If you're interested in proactively preventing, detecting, and responding to cyber-attacks across a complex global footprint, then Deloitte Global could be the perfect place for you. We're looking for an analytical thinker passionate about cybersecurity to join our team.

Work you'll do
As part of the Global Cybersecurity team, responsibilities will be to work with customers to deliver technical assessments against a broad range of services, illustrative duties will include:

This role is responsible for providing manual penetration testing services as part of the shared services organization for member firms. Illustrative responsibilities.

• Assisting in technical scoping of security testing activities
• Executing security testing.
• Web Application Penetration Testing
• Web Services / Application Programming Interface (API) Penetration Testing
• Network Penetration Testing
• Mobile Application Penetration Testing
• Thick Client Penetration Testing
• Conducting focused research when not deployed on an active project
• Provide consultative guidance to customers on findings identified in a clear and actionable fashion both in writing and verbally.
• Enhancing and updating testing methodologies, processes and standards documentation
• Maintaining proficiency of knowledge through ongoing training paths
• Proficient at analyzing and understanding complex architecture designs.
• Ability to effectively communicate what services and capabilities our group can facilitate to our clients.

The team
The Deloitte Global Cybersecurity function is responsible for enhancing data protection, standardizing and securing critical infrastructure, and gaining cyber visibility through security operations centers. The Cybersecurity organization delivers a comprehensive set of security services to Deloitte's global network of firms around the globe.

Qualifications

• Education (degree): Bachelor's Degree or equivalent experience

Skills/abilities
:

Preferred
:

• Offensive Certified Security Professional (OSCP)
• Any GIAC Certification (GSEC, GWAB, GPEN, GMOB, GCPN)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA
• OWASP Application Security Top 10
• OWASP API Security Top 10
• OWASP Thick Client Top 10
• MITRE ATT&CK Framework
• Cloud Service testing
• Reverse Engineering
• Static Application Software Testing (SAST)
• Dynamic Application Testing (DAST)

Work Location:
Hyderabad, India

Work Timings:
11:00 AM to 8:00 PM

How You'll Grow
At Deloitte, our professional development plan focuses on helping people at every level of their career to help them to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.

Benefits
At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you.

Deloitte's culture
Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte.

Corporate citizenship
Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte's impact on the world.

Recruiter tips
We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you're applying to. Check out recruiting tips from Deloitte professionals.

Our purpose
Deloitte's purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.

Our people and culture
Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.

Professional development
At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India .

Benefits To Help You Thrive
At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you.

Recruiting tips
From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Requisition code:

Penetration Testing

JD-

In this role, you will assist in identifying, analyzing, and reporting security vulnerabilities across various systems. Youll perform penetration testing, security assessments, Mobile Testing and basic threat simulations to help improve our organizations security posture. Working alongside security engineers and development teams, youll contribute to making applications and networks more resilient against cyber threats.

Key Responsibilities:

• Conduct security assessments Perform penetration testing and vulnerability scans on applications, networks, and cloud environments.
• Assist in threat simulations Help simulate potential cyberattacks to evaluate security controls.
• Utilize security tools Work with tools such as Burp Suite, Nmap, Metasploit, and Wireshark to identify vulnerabilities.
• Document findings and recommendations Prepare reports that outline security risks and suggested fixes.
• Collaborate with teams Work with security professionals and developers to enhance security practices.
• Stay informed Keep up with new security trends, attack techniques, and best practices.

Experience - 5 to 9yrs

Location- Hyderbad and Chennai

Notice period - Immediate to 30 days

Candidate who are interested please share your CV to

Description and Requirements
"At BMC trust is not just a word - it's a way of life"
Description And Requirements
CareerArc Code

CA-DN

Hybrid
"At BMC trust is not just a word - it's a way of life"
We are an award-winning, equal opportunity, culturally diverse, fun place to be. Giving back to the community drives us to be better every single day. Our work environment allows you to balance your priorities, because we know you will bring your best every day. We will champion your wins and shout them from the rooftops. Your peers will inspire, drive, support you, and make you laugh out loud

We help our customers free up time and space to become an Autonomous Digital Enterprise that conquers the opportunities ahead - and are relentless in the pursuit of innovation

BMC Helix is looking for a motivated and skilled individual to join the Product Security Group. This is a senior technical position in the team. The candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, penetration testing.

A penetration tester plays a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity.

Roles And Responsibilities

• Conduct thorough vulnerability assessments of applications and systems using various tools and techniques.
• Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities.
• Provide expert guidance on application security best practices.
• Research and develop new penetration testing methodologies, tools, and techniques.

Qualifications & Skills

• 5+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset.
• Penetration testing experience is essential; prior participation in bug bounty programs is a plus.
• Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark).
• Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities.
• Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more.
• Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact.
• Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings.
• Ability to think creatively and analytically to identify and exploit vulnerabilities.
• Strong problem-solving skills when encountering unexpected challenges during testing.
• Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders.
• Meticulous attention to detail in documenting findings and creating reports.
• Effective time management skills to meet project deadlines and testing schedules.
• High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality.

Optional

• Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS).
• Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks.

Our commitment to you
BMC's culture is built around its people. We have 6000+ brilliant minds working together across the globe. You won't be known just by your employee number, but for your true authentic self. BMC lets you be YOU

If after reading the above, You're unsure if you meet the qualifications of this role but are deeply excited about BMC and this team, we still encourage you to apply We want to attract talents from diverse backgrounds and experience to ensure we face the world together with the best ideas

BMC is committed to equal opportunity employment regardless of race, age, sex, creed, color, religion, citizenship status, sexual orientation, gender, gender expression, gender identity, national origin, disability, marital status, pregnancy, disabled veteran or status as a protected veteran. If you need a reasonable accommodation for any part of the application and hiring process, visit the accommodation request page.

BMC Software maintains a strict policy of not requesting any form of payment in exchange for employment opportunities, upholding a fair and ethical hiring process.

At BMC we believe in pay transparency and have set the midpoint of the salary band for this role at 1,725,800 INR. Actual salaries depend on a wide range of factors that are considered in making compensation decisions, including but not limited to skill sets; experience and training, licensure, and certifications; and other business and organizational needs.

The salary listed is just one component of BMC's employee compensation package. Other rewards may include a variable plan and country specific benefits.

We are committed to ensuring that our employees are paid fairly and equitably, and that we are transparent about our compensation practices.

(

)

Had a break in your career? No worries. This role is eligible for candidates who have taken a break in their career and want to re-enter the workforce. If your expertise matches the above job, visit to know more and how to apply.

Country

India

State

Maharashtra

City

Pune

Date Published

18-Jul-2025

Job ID

45325

Travel

You may occasionally be required to travel for business

Looking for details about our benefits?

Description and Requirements

"At BMC trust is not just a word - it's a way of life"

We are an award-winning, equal opportunity, culturally diverse, fun place to be. Giving back to the community drives us to be better every single day. Our work environment allows you to balance your priorities, because we know you will bring your best every day. We will champion your wins and shout them from the rooftops. Your peers will inspire, drive, support you, and make you laugh out loud

We help our customers free up time and space to become an Autonomous Digital Enterprise that conquers the opportunities ahead - and are relentless in the pursuit of innovation

BMC Software is looking for a motivated and skilled individual to join the Product Security Group. This is a senior technical position in the team. The candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, penetration testing.

A penetration tester plays a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity.

Roles and Responsibilities:

• Conduct thorough vulnerability assessments of applications and systems using various tools and techniques.
• Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities.
• Provide expert guidance on application security best practices.
• Research and develop new penetration testing methodologies, tools, and techniques.

Qualifications & Skills:

• 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset.
• Penetration testing experience is essential; prior participation in bug bounty programs is a plus.
• Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark).
• Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities.
• Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more.
• Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact.
• Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings.
• Ability to think creatively and analytically to identify and exploit vulnerabilities.
• Strong problem-solving skills when encountering unexpected challenges during testing.
• Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders.
• Meticulous attention to detail in documenting findings and creating reports.
• Effective time management skills to meet project deadlines and testing schedules.

• High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality.

• Optional:

• Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS).

• Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks.

Our commitment to you

BMC's culture is built around its people. We have 6000+ brilliant minds working together across the globe. You won't be known just by your employee number, but for your true authentic self. BMC lets you be YOU

If after reading the above, You're unsure if you meet the qualifications of this role but are deeply excited about BMC and this team, we still encourage you to apply We want to attract talents from diverse backgrounds and experience to ensure we face the world together with the best ideas

BMC is committed to equal opportunity employment regardless of race, age, sex, creed, color, religion, citizenship status, sexual orientation, gender, gender expression, gender identity, national origin, disability, marital status, pregnancy, disabled veteran or status as a protected veteran. If you need a reasonable accommodation for any part of the application and hiring process, visit the accommodation request page.

BMC Software maintains a strict policy of not requesting any form of payment in exchange for employment opportunities, upholding a fair and ethical hiring process.

At BMC we believe in pay transparency and have set the midpoint of the salary band for this role at 1,180,000 INR. Actual salaries depend on a wide range of factors that are considered in making compensation decisions, including but not limited to skill sets; experience and training, licensure, and certifications; and other business and organizational needs.

The salary listed is just one component of BMC's employee compensation package. Other rewards may include a variable plan and country specific benefits.

We are committed to ensuring that our employees are paid fairly and equitably, and that we are transparent about our compensation practices.

()

Had a break in your career? No worries. This role is eligible for candidates who have taken a break in their career and want to re-enter the workforce. If your expertise matches the above job, visit to know more and how to apply.

Key Responsibilities

• Conduct penetration tests on web and mobile applications, networks, thick clients, and systems to identify vulnerabilities.
• Perform manual and automated testing to simulate cyberattacks and exploit potential security flaws.
• Create detailed reports of vulnerabilities including descriptions, proof of concepts, business impact, and actionable remediation steps.
• Perform retesting to validate fixes and confirm mitigations.
• Analyze security issues related to web apps, network protocols, OSs, and cloud platforms.
• Stay updated with the latest cybersecurity threats, vulnerabilities, and attack techniques.
• Coordinate with application and infrastructure teams during the assessment lifecycle and deliver clear, comprehensive reports.

Requirements

• Proven experience as a Penetration Tester or in a cybersecurity role.

• Strong understanding of:

• OWASP Mobile Top 10

• OWASP Web Top 10

• MITRE ATT&CK framework

• Proficiency in tools such as:

• Burp Suite, Frida, MobSF, Nmap, Wireshark, Metasploit

• Hands-on experience with:

• SSL pinning bypass

• Jailbreak/root detection bypass
• Certificate validation flaws

• Mobile app reverse engineering

• Familiarity with operating systems like Windows, Kali Linux, and macOS

• Exposure to cloud platforms such as AWS, Azure, or GCP
• Knowledge of scripting/programming languages such as Python, Bash, or PowerShell (preferred)

• Relevant certifications are a strong advantage:

• CEH, OSCP, or similar

Preferred Skills

• Prior experience in mobile application penetration testing
• Ability to work independently and manage time effectively
• Excellent communication skills, especially in conveying technical findings to non-technical stakeholders

Skills

Information Security,Data Analysis,Penetration Testing

Strong expertise in OWASP Top 10, NIST, and ISO 27001 frameworks.

Advanced knowledge of scripting languages (e.g., Python, Bash, PowerShell) for automation and tool development, with cloud security for platforms such as AWS, Azure, or Google Cloud.

• Technical skills:
• Deep understanding of mainframe architecture, particularly IBM z/OS and UNIX systems integration.
• Proficiency with mainframe security models and controls such as RACF, Top Secret, or ACF2.
• Experience with mainframe scripting languages (REXX), JCL, and mainframe communication protocols (SNA, VTAM, NJE).
• Hands-on experience with penetration testing tools tailored for mainframes and general pen testing frameworks (e.g., Metasploit, Hydra, MITRE).
• Familiarity with network protocols and services running on mainframes, including FTP, SSH, and TN3270.
• Strong knowledge of security frameworks and compliance standards (NIST 800-53, PCI DSS, ISO).
• Excellent analytical and problem-solving skills to identify and exploit complex vulnerabilities.
• Strong communication skills to produce clear reports and work collaboratively across teams.
• Stay current with mainframe security threats, emerging vulnerabilities, and attacker techniques to continually improve testing approaches.
• Tool Expertise: Rocket Software, IBM X-Force Red, NetSPI, Secragon, REXX
• Soft skills:
• Strong at client communications, Stakeholder management.
• Experience in managing remote teams of 3+ and ability to prepare dashboards and report status and issues with Client directly.
• Strong analytical and problem-solving skills, with the ability to think critically and identify creative solutions.
• Excellent communication and collaboration skills to work effectively with cross-functional teams
• Preferred Certifications:
• OSCP, CEH, CREST, CISSP and relevant security certifications.