26 Penetration Testing jobs in Bengaluru
Penetration Testing Specialist
Posted today
Job Description
Hi Folks,
We're hiring for the leading manufacturing company of electrical connection and protection solutions.
About the Company
We’re looking for people who put their innovation to work to advance our success – and their own. Join an organization that ensures a more secure world through connecting and protecting our customers with inventive electrical solutions.
Experience Required- 4+ years (less experience not considered)
OSCP/OSEP CERTIFICATION REQUIRED MANDATORY. (PLS DON'T APPLY IF YOU DON'T HAVE)
About the Role
WHAT YOU WILL EXPERIENCE IN THIS POSITION:
Responsibilities
- Conduct penetration testing of host/cloud-based applications, perform network security assessments, software/firmware analysis scans, evaluate and prioritize vulnerabilities using CVSS scoring, and document findings using organization-specific reporting tools.
- Research network-related protocols for network-connected products, including Industrial Control Systems (ICS), and perform related security assessments.
- Responsible for supporting nVent’s product cybersecurity verification testing program which is aligned to the ISA/IEC 62443 4-1 Security Development Lifecycle (SDL).
- Participate in continual efforts to automate as much testing as possible.
- Create test report documentation to provide evidence of compliance with requirements.
- Support development and maintenance of a calendar of recurring cybersecurity audits, assessments, and activities; track to ensure owners complete activities on time.
- Maintain a list of tested products in appropriate nVent tools/databases.
- Work with product development teams to fill gaps found during verification testing.
Qualifications
- Bachelor’s degree or equivalent experience in related field.
Required Skills
- Ideally 5 years of experience in Penetration Testing, Application Security, QA, Network/IoT, or Offer Testing roles.
- Familiarity with test automation scripting tools or language.
- Familiarity with daily activity planning tools such as Atlassian Jira.
- Familiarity with either Agile or Kanban work environment.
- Ability to collaborate across key functions including IT and product engineering teams.
- Familiar with industry standards and best practices.
- Good verbal and written communication skills.
- Proven experience in Embedded Product Cybersecurity testing.
- Familiarity with ISA/IEC 62443 4-1 Security Development Lifecycle (SDL) requirements.
- Familiarity with cybersecurity testing tools such as Burp Suite/ZAP, BDBA, SAST, DAST, fuzzing, and VA tools such as Nessus or Rapid7.
- Familiarity with the Microsoft Threat Modeling Tool.
- Demonstrated participation in Capture the Flag (CTF) cybersecurity contests with proven rankings or achievements.
Preferred Skills
- We have a dynamic global reach with diverse operations around the world that will stretch your abilities, provide plentiful career opportunities, and allow you to make an impact every day.
- We are a $2.5 billion, high-performance electrical company with a dedicated team of 11,241 people, across more than 80 global locations.
- We have a robust portfolio of product brands dating back more than 100 years and including: nVent CADDY, ERICO, HOFFMAN, RAYCHEM, SCHROFF and TRACER.
- Commitment to strengthen communities where our employees live and work.
- We encourage and support the philanthropic activities of our employees worldwide.
- Through our nVent in Action matching program, we provide funds to nonprofit and educational organizations where our employees volunteer or donate money.
- Core values that shape our culture and drive us to deliver the best for our employees and our customers. We’re known for being:
  - Innovative & adaptable.
  - Dedicated to absolute integrity.
  - Focused on the customer first.
  - Respectful and team oriented.
  - Optimistic and energizing.
  - Accountable for performance.
- Benefits to support the lives of our employees.
Pay range and compensation package:
Up to 35 LPA only
Interested candidates can share their resumes at
Also, Can call/ whatsapp at
Regards,
Gulista Shaikh
Delivery Manager-HR
Vulnerability Assessment & Penetration Testing Specialist
Posted today
Job Description
Department: Cybersecurity / Information Security
Location: Bangalore (On-site)
Employment Type: Full-time
Interested candidates can apply using the form below.
We’re hiring experienced professionals to join our Cybersecurity team in two key positions:
- VAPT Engineer (L2/L3) – leading advanced vulnerability assessment and penetration testing across enterprise and cloud environments.
- Information Security Lead – Managed Security Services – managing SOC operations, cloud security governance, risk management, and incident response.
Both roles demand strong technical depth, leadership maturity, and hands-on expertise in enterprise and cloud security ecosystems.
VAPT Engineer (L2/L3)
Experience: 5+ years (hands-on)
Reporting To: VAPT Lead
Certification: OSCP preferred
Mode: In-office
Key Responsibilities
- Lead penetration testing across web, mobile, cloud, and infrastructure (Black/Grey/White box).
- Perform manual and automated vulnerability assessments using tools like Burp Suite, Nessus, Metasploit, Nmap, and custom scripts.
- Conduct threat modeling, cloud environment reviews, and risk assessments for business-critical systems.
- Execute security testing on public, private, and hybrid cloud platforms (AWS, Azure, GCP).
- Document findings and provide actionable remediation recommendations.
- Collaborate with DevOps, IT, and Cloud Engineering teams to address vulnerabilities.
- Mentor junior engineers and review reports for accuracy.
- Stay updated with emerging threats, zero-days, and modern attack vectors.
- Align testing with OWASP, NIST, ISO 27001, and cloud security best practices.
- Participate in red team assessments and security audits.
Requirements
- Bachelor’s or Master’s in Computer Science, Cybersecurity, or related field.
- Deep understanding of network protocols, OS internals (Linux/Windows), and cloud architectures.
- Strong knowledge of cloud-native security tools (AWS Security Hub, Azure Defender, etc.).
- Hands-on scripting in Python, Bash, or PowerShell.
- Familiarity with DevSecOps, CI/CD pipelines, and container security (Docker/Kubernetes).
- Experience in secure coding, exploit development, and reverse engineering.
- Certifications like OSCP, CEH, GPEN, LPT, or CISSP are highly preferred.
Information Security Lead – Managed Security Services
Experience: 8–10+ years (with 5+ in SOC Leadership)
Certification: OSCP required
Mode: In-office
Key Responsibilities
- Lead SOC operations across L1–L3 analysts, ensuring 24/7 threat monitoring.
- Drive vulnerability management, patch governance, and proactive threat mitigation.
- Manage and secure multi-cloud environments, ensuring compliance and incident readiness.
- Oversee cloud security posture management (CSPM) and identity access governance (IAM).
- Lead incident response, RCA, and recovery for major on-prem and cloud-based incidents.
- Conduct enterprise-wide risk assessments, audits, and compliance checks.
- Ensure alignment with frameworks like NIST, GDPR, HIPAA, PCI-DSS, and ISO 27001.
- Define and implement security policies, playbooks, and automation workflows for cloud and on-prem systems.
- Present dashboards, risk reports, and threat trends to executive leadership.
- Manage relationships with technology partners, MSSPs, and cloud vendors.
Requirements
- 10+ years in Information Security, with at least 5 in SOC or Managed Security leadership.
- Deep understanding of cloud architectures, workload protection, and identity management.
- Hands-on experience with SIEM/SOAR tools (Splunk, ArcSight, Cortex XSIAM, QRadar, Microsoft Sentinel).
- Expertise in threat hunting, malware analysis, endpoint security (EDR/XDR), and cloud security monitoring.
- Proficiency in tools such as WAF, DLP, Burp Suite, and Nessus.
- Strong understanding of hybrid security models and advanced persistent threat (APT) response.
- Familiarity with ITIL or service delivery frameworks is a plus.
- Certifications such as CEH, OSCP, CISSP, or relevant cloud security credentials (CCSP, AWS Security Specialty) preferred.
Interested candidates can apply using the form below.
Please select the role you’re applying for and share your details accurately.
Or Send your resume to
Vulnerability Assessment & Penetration Testing Lead
Posted today
Job Description
Your potential, unleashed.
India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond.
At Deloitte, bring your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters.
The team
Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks.
Your work profile.
As an Assistant Manager in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations:
Key Responsibilities:
- Total 3+ years of experience in cybersecurity
- VAPT- Web Application Security Pentesting, Mobile Application Testing, Infra Testing, Source Code Review, Cloud Configuration Review
- Certification - OSCP, CRTP, CEH, EJPT
- Understanding of basic business and information technology management processes.
- Good knowledge of TCP/IP and networks including firewalls, IDS/IPS, routers, switches, and network architecture.
- Experience of Web Application Security Testing, Infrastructure VAPT, API testing.
- Experience on Mobile Security Pen-Testing (iOS and Android).
- Experience in conducting config reviews of Windows, Linux, UNIX, Solaris, Databases, etc.
- Experience with vulnerability management tools: Kali Linux, Acunetix, AppScan, Nexpose, QualysGuard, Nessus, Nmap, Metasploit, Fortify, etc.
- Experience in basic scripting such as: Shell, Python, PERL, etc.
- Basic knowledge of technologies such as: IPSEC, SSL, SSH, VPN, Ethernet, Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP OpenView, Sun NetManage, CiscoWorks, Radius, Big Brother, F5
Desired qualifications / Education:
· B.Tech / BE / BCA / B.Sc / M.Tech - Full time
· Candidates must possess security certification of CEH, LPT, OSCP.
· Good to have security certification for GPEN, CREST
Your role as Leader
We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society.
In addition to living our purpose, Senior Executive across our organization must strive to be:
- Inspiring - Leading with integrity to build inclusion and motivation
- Committed to creating purpose - Creating a sense of vision and purpose
- Agile - Achieving high-quality results through collaboration and Team unity
- Skilled at building diverse capability - Developing diverse capabilities for the future
- Persuasive / Influencing - Persuading and influencing stakeholders
- Collaborating - Partnering to build new solutions
- Delivering value - Showing commercial acumen
- Committed to expanding business - Leveraging new business opportunities
- Analytical Acumen - Leveraging data to recommend impactful approach and solutions through the power of analysis and visualization
- Effective communication – Must be well able to have well-structured and well-articulated conversations to achieve win-win possibilities
- Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s).
- Managing change - Responding to changing environment with resilience
- Managing Quality & Risk - Delivering high quality results and mitigating risks with utmost integrity and precision
- Strategic Thinking & Problem Solving - Applying strategic mindset to solve business issues and complex problems
- Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte
- Empathetic leadership and inclusivity - creating a safe and thriving environment where everyone's valued for who they are, use empathy to understand others to adapt our behaviors and attitudes to become more inclusive.
How you’ll grow
Connect for impact
Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report.
Empower to lead
You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership.
Inclusion for all
At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters.
Drive your career
At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte.
Everyone’s welcome… entrust your happiness to us
Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you.
Interview tips
We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.
*Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices.
At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution.
In this regard, you may refer to a more detailed advisory given on our website at:
Security Specialist - Penetration Testing
Posted today
Job Description
Job Purpose
As a Senior Penetration Tester, your primary role is to assess and enhance the security of our information systems, networks, and applications through comprehensive penetration testing and vulnerability assessments. You will work closely with our internal product teams to identify weaknesses in their systems and provide actionable recommendations for improvement. Your expertise will help safeguard sensitive data and protect our customers from potential cyber threats. Additionally, you will be responsible for coordinating penetration tests with third-party vendors when required.
Duties and Responsibilities
o Conduct penetration tests on a wide range of digital products, including networks, web, and mobile applications, to identify vulnerabilities and security weaknesses.
o Collaborate with internal product teams to understand their set-ups, goals, and constraints.
o Effectively communicate findings and solutions to technical and non-technical stakeholders.
o Prepare detailed and clear reports documenting findings, reproduction steps, and recommended remediation steps, ensuring the internal product teams understand the security implications.
o Work with cross-functional teams, including security engineers and developers to help them to implement security measures and resolve identified vulnerabilities.
o When your schedule is constrained, coordinate, and manage penetration tests with third-party vendors, ensuring high-quality and timely delivery.
o Contribute to the development and improvement of our testing methodologies, processes, and tools.
o Stay up to date with the latest threats, vulnerabilities, and exploits and develop new testing techniques as necessary.
o Conduct security tests based on product security requirements.
Authorities
o Authorized to conduct penetration tests and security tests on selected digital products.
o Authorized to make recommendations for remediation actions based on test results.
o Authorized to engage with internal product teams to discuss findings and recommendations.
o Authorized to coordinate and manage penetration tests with third-party vendors if needed.
Qualifications
o Bachelor’s degree in computer science/engineering, information security, or a related field.
o Proven experience in penetration testing, vulnerability assessment, and security testing with a minimum of 8 years in a similar role.
o Proven track record of conducting successful penetration tests for a variety of organizations and industries.
o Industry-recognized certifications such as Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN) certifications, or similar qualifications are highly desirable.
o Demonstrated experience in vulnerability research (e.g., CVEs) is a plus.
o Experience in designing, developing, and executing customized penetration testing methodologies.
o Familiarity with various tools and frameworks used in penetration testing, such as Metasploit, Burp Suite, Nessus, Nmap etc.
o Strong knowledge of operating systems (Windows, Linux, and mobile platforms), databases, and web technologies.
o A deep understanding of common security protocols and technologies, including firewalls, intrusion detection/prevention systems, SSL/TLS.
o Programming skills and experience with languages such as Bash, Python, and PowerShell
o The ability to provide clear, comprehensive, and actionable reports on penetration test findings, including recommendations for remediation.
o Exceptional written and verbal communication skills to effectively convey technical information to both technical and non-technical stakeholders.
Web Application Penetration Testing
Posted today
Job Description
Roles & responsibilities
- Manage cyber threat management projects and lead day-to-day red team operations.
- Plan, scope and conduct complex red team engagements: external/internal network, Active Directory, cloud (AWS/Azure/GCP), web & API, mobile backends, and physical/social engineering components (phishing, vishing, in-person tests).
- Conduct comprehensive web & API testing: reconnaissance, authenticated/unauthenticated testing, injection flaws (SQLi/NoSQLi), RCE, SSRF, XSS, IDOR, broken authentication/authorization, logic flaws, insecure deserialization, unsafe file uploads and API misconfigurations; chain findings into host footholds.
- Conduct network & infrastructure testing: perimeter and internal assessments, host/service enumeration, CVE-based exploitation, pivoting, lateral movement, privilege escalation, persistence and attack path mapping.
- Execute Active Directory compromise exercises: Kerberos abuse, Golden/Silver Ticket, ACL abuse, user/group privilege escalation and Group Policy weaknesses.
- Simulate stealthy adversary tradecraft (MITRE ATT&CK) including OpSec, EDR/AV evasion, SIEM evasion and covert payload delivery (HTML smuggling, advanced delivery chains).
- Design, develop and customize offensive tooling and exploits; maintain red team infrastructure (C2, payloads, automation).
- Conduct cloud adversarial simulations: identity abuse, misconfiguration chaining, and privilege escalation across cloud services.
- Plan and run social engineering campaigns and measure human susceptibility; craft realistic pretexts using OSINT
Come as you are at KGS
As a firm, we are deeply committed to diversity, inclusion and equity at our workplace. We offer a safe and inclusive environment built on trust, where all our colleagues can bring their authentic selves to work and know that their uniqueness is valued.
We prohibit unfair treatment of applicants and employees and discrimination on any ground, including but not limited to, caste, religion, color, ancestry, marital status, medical condition, sex, gender identity and/or expression, sexual orientation, age, nationality, cultural origin, family or parental status, defense veterans, physical, mental or sensory disability or any other status or characteristic protected by applicable Indian laws and regulations.
Mandatory technical & functional skills
- Conduct red team exercises to evaluate and enhance the organization's security posture. These exercises simulate real-world attack scenarios to identify areas of weakness and improve defenses.
- Key activities include planning and executing simulated attacks, analyzing security gaps, and providing actionable recommendations for remediation.
- 4+ years of professional experience in cybersecurity, with a focus on Web application penetration testing.
- Strong background in cybersecurity with a focus on penetration testing.
- Experience in Web and Network PT.
- Relevant certifications such as OSCP, CRTP, CRTO.
- Proficient in threat modeling and vulnerability exploitation techniques.
- Excellent analytical and problem-solving skills.
Automotive Cybersecurity Penetration Testing
Posted today
Job Description
Primary Skills:
- Targeted pen testing/security analysis of ECU features at all levels e.g., secure boot, secure OS/TEE, secure protocol implementation, key management systems, debug access activation methods, paid feature activation, system architecture, etc.
- Good Knowledge of modern automotive embedded systems, secure boot in all facets, baseband (LTE/GSM), Android/Linux/Autosar, CAN/Ethernet.
- Liaising with ECU SW developers to explain security issues and provide feedback on proposed solutions.
- Supporting the security test developers by providing input to new features and regression test development.
- Good Knowledge of Reverse engineering, fuzzing (custom fuzzer development), PoC exploit development, source code review, hardware tampering, design reviews.
Must have:
- Very good knowledge of cyber security, embedded systems and cryptography, which you are passionate about developing on a daily basis.
- Relevant professional experience with pen testing and/or offensive security and reverse engineering.
- Very strong (embedded) Linux knowledge.
- Fluency in written and spoken English.
Nice to have:
- A relevant tertiary qualification with a security component.
- Knowledge of common automotive protocols.
- Experience with automotive bus and protocol analysis tools.
- Any relevant technical certifications - e.g., OSCP
Cybersecurity Specialist - Penetration Testing
Posted today
Job Description
Life on the team
A highly skilled and motivated Penetration Tester to join our dynamic cybersecurity team. In this role, you will be responsible for identifying vulnerabilities in our systems, applications, and networks through various penetration testing methodologies. You will play a critical role in strengthening our security posture and protecting our valuable assets from cyber threats.
What you’ll do
Core Responsibilities:
- Conduct comprehensive penetration tests: Execute internal and external network penetration tests, web application penetration tests, mobile application penetration tests, API penetration tests, cloud security assessments, and social engineering simulations.
- Vulnerability identification and analysis: Research, identify, and exploit security vulnerabilities in a variety of systems and applications.
- Red/Purple/Blue Teaming: Participate in exercises with the goal of increasing cyber resilience for both offensive and defensive teams.
- Reporting and documentation: Prepare detailed and professional penetration test reports, including executive summaries, technical findings, risk ratings, and actionable recommendations for remediation.
- Collaboration and communication: Work closely with development, operations, and security teams to communicate findings, explain risks, and provide guidance on remediation strategies.
- Tooling and methodology enhancement: Continuously research and evaluate new penetration testing tools, techniques, and methodologies to improve testing efficiency and effectiveness.
- Security awareness: Contribute to the development and delivery of security awareness training for internal staff.
- Stay current: Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices.
- Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws.
- Ad-hoc security testing: Perform ad-hoc security assessments and provide expert advice on security-related matters as needed.
Critical Success Factors:
- Strong ethical hacking mindset: A genuine passion for breaking things and understanding how they work, coupled with an unwavering commitment to ethical conduct.
- Analytical and problem-solving skills: Ability to dissect complex systems, identify subtle vulnerabilities, and devise creative attack scenarios.
- Attention to detail: Meticulous in documenting findings and ensuring accuracy in reporting.
- Excellent communication skills: Ability to clearly and concisely communicate highly technical information to both technical and non-technical audiences, both verbally and in writing.
- Proactive and self-motivated: Ability to work independently and manage multiple projects simultaneously, demonstrating initiative and ownership.
- Adaptability and continuous learning: Eagerness to learn new technologies, tools, and methodologies in a rapidly evolving threat landscape.
- Results-oriented: Focus on delivering high-quality, impactful security assessments that drive tangible
What you’ll need
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
- 10+ Years of experience
- OSCP, PNPT or equivalent certification
- At least three years’ experience working full-time as a penetration tester on the following areas as a minimum:
  - Infrastructure
  - Active Directory networks
  - Web Application penetration testing
  - Cloud security (Entra ID/Azure)
  - (optional) IoT
  - (optional) mobile
  - (optional) physical security / social engineering
- Ability to develop custom tools, or adapt existing tooling for the task at hand
- (optional) public blogs, research or talks
- (optional) demonstrable experience contributing to open-source tools
Skills and Competencies
- Strong Knowledge in SIEM operations, Threat operations, security monitoring, SOC operations, ASM, incident response, and log management.
- Strong knowledge of tools and technologies such as MS Sentinel, ELM, SOAR, EDR solutions, and other SOC tooling.
- Familiarity with frameworks such as MITRE ATT&CK, NIST CSF, and ISO 27001.
- Exceptional leadership, communication, and stakeholder management skills.
- Participating in and leading projects
- Full understanding of NIST 2 Domains and sub domains for SOC Operations
- CRTO, OSCE, OSEP, PEN-300, GXPN or equivalent certification (note: reasonable exceptions will be considered, e.g. years of experience, contribution to the field, etc.)
- At least five years' experience
- Coding experience
- Experience in training others, or managing teams
Senior Penetration Testing Consultant
Posted today
Job Description
JOB DESCRIPTION :
Position : Senior VAPT Consultant
Experience : 8+ years
Loc : Bengaluru
CTC : 35 % Hike on current CTC
Job type : Fulltime(Onsite)
Job Description
We are seeking an experienced and highly skilled Senior VAPT Consultant with 8+ years of hands-on experience in offensive security. The ideal candidate will possess deep technical expertise in assessing and securing complex enterprise environments, including Active Directory, web applications, networks, cloud infrastructures, APIs, and advanced adversarial simulation. This role demands a strong ability to lead engagements, mentor junior consultants, deliver high-quality technical reports, and interface with clients to provide both tactical and strategic security recommendations.
Key Responsibilities:
· Lead and conduct end-to-end penetration testing engagements across web applications, mobile apps, APIs, networks, WiFi, Active Directory, and cloud platforms (AWS, Azure, GCP).
· Execute red team and adversary simulation exercises, including phishing, lateral movement, persistence, and data exfiltration scenarios.
· Perform advanced Active Directory exploitation (on-prem, Azure AD, hybrid environments) including Kerberoasting, unconstrained delegation, golden/silver tickets, and modern AD attack chains.
· Assess and exploit cloud-native vulnerabilities, IAM misconfigurations, container/Kubernetes environments, and serverless workloads.
· Conduct wireless/WiFi pentesting (WEP/WPA/WPA2/WPA3 attacks, rogue AP, evil twin).
· Perform basic to intermediate reverse engineering and exploit development for binaries, scripts, and mobile apps.
· Utilize frameworks and tools such as Burp Suite Pro, ZAP, Caido, Metasploit, Havoc/Mythic/Sliver C2, BloodHound, Mimikatz, Impacket, and custom scripts/exploits.
· Draft and review detailed penetration testing reports, Statements of Work (SoW), Rules of Engagement (RoE), and executive presentations.
· Mentor and guide junior consultants, providing technical leadership, peer review, and training.
· Work closely with clients to communicate findings, risk implications, remediation strategies, and overall security posture improvements.
Requirements
· 8+ years of proven experience in vulnerability assessment, penetration testing, and red team operations.
· Strong expertise in Active Directory exploitation and defenses (on-prem, hybrid, Azure AD).
· Advanced skills in web application, API, and network penetration testing.
· Proficiency in cloud penetration testing (AWS, Azure, GCP) including IAM, storage, networking, and serverless security.
· Strong understanding of exploit development, reverse engineering, and evasion techniques.
· Proficiency with industry-standard tools and custom exploit/script development.
· Solid knowledge of enterprise security technologies (SIEM, SOAR, Firewalls, IDS/IPS, AV/EDR/XDR).
· Strong technical writing and client-facing communication skills, including report drafting and delivery.
· Experience in leading teams, reviewing deliverables, and mentoring junior consultants.
Preferred Qualifications
· Offensive security certifications such as OSCP, OSEP, OSED, OSWE, OSEE, CRTP, CRTE, CREST, GXPN, or equivalent.
· Experience in IoT, hardware, and automotive penetration testing.
· Prior experience in adversary emulation and purple team exercises.
· Familiarity with DevSecOps pipelines and Secure SDLC integration.
Web Application Penetration Testing Consultant
Posted today
Job Description
Key Skills: Penetration Testing, Vulnerabilities, Web Application Security, Manual Testing.
Roles & Responsibilities:
- Conduct manual application penetration tests on web applications, internal applications, APIs, and mobile applications to discover and exploit vulnerabilities.
- Independently research new vulnerabilities in systems and software, modifying and customizing tools, known exploits, POCs, and scripts to meet operational requirements.
- Stay up-to-date with the latest attack techniques, tools, and emerging threats in the cybersecurity landscape.
- Present technical reports to clients, explaining testing outcomes and providing detailed insights and recommendations.
- Collaborate effectively with cross-functional teams, including developers, IT operations, and business stakeholders, to integrate security best practices into project workflows.
- Provide mentorship and guidance to junior security staff, fostering a culture of proactive security awareness within the organization.
- Maintain a strong understanding of web applications, cryptography, various operating systems, and security technologies.
- Demonstrate expertise in exploiting Microsoft platforms used in enterprise environments, such as Windows Servers, Active Directory Certificate Service, and Azure.
- Relevant certifications such as GWAPT, OSCP, OSEP, CRTP, CRTO, OSWA are strongly preferred.
Experience Requirement:
- 4-8 years of hands-on experience in penetration testing of web, mobile, and API applications.
- Proven ability to identify and exploit vulnerabilities through manual testing techniques.
- Practical exposure to enterprise security environments, including Microsoft-based infrastructures.
- Experience in customizing exploit tools and developing proof-of-concept scripts.
- Strong communication and reporting skills, with the ability to present findings to technical and non-technical stakeholders.
Education: B.Tech M.Tech (Dual), BCA, B.Tech, MCA.
Product Cybersecurity Engineer - Penetration Testing

Posted 3 days ago
Job Description
Are you ready to accelerate your potential and make a real difference within life sciences, diagnostics, and biotechnology?
At Cytiva, one of Danaher's 15+ operating companies, our work saves lives - and we're all united by a shared commitment to innovate for tangible impact.
You'll thrive in a culture of belonging where you and your unique viewpoint matter. And by harnessing Danaher's system of continuous improvement, you help turn ideas into impact - innovating at the speed of life.
Working at Cytiva means being at the forefront of providing new solutions to transform human health. Our incredible customers undertake life-saving activities ranging from fundamental biological research to developing innovative vaccines, new medicines, and cell and gene therapies.
At Cytiva you will be able to continuously improve yourself and us - working on challenges that truly matter with people that care for each other, our customers, and their patients. Take your next step to an altogether life-changing career.
Learn about the Danaher Business System, which makes everything possible.
The Product Cybersecurity Engineer - Penetration Testing is responsible for conducting in-depth security testing across various platforms - including web applications, APIs, networks, cloud environments, thick clients, and ICS/SCADA systems - to identify vulnerabilities before malicious actors can exploit them. Analyze findings using CVSS scoring, assess associated risks, and provide clear, actionable recommendations to strengthen the overall security posture of products and systems.
This position reports to the Senior Manager - Product Security and is part of the Product Security department, located in Bengaluru, and will be an on-site role.
What you will do:
1. Comprehensive Penetration Testing
+ Execute penetration tests across web apps, APIs, thick clients, networks, cloud, and ICS/SCADA systems using industry-standard tools.
2. Tool & Technique Development
+ Build and enhance internal tools and methodologies for testing and vulnerability assessments; stay current with emerging threats and exploits.
3. Vulnerability Analysis & Reporting
+ Analyze findings using CVSS, assess risks, recommend mitigations, and communicate results clearly to technical and non-technical audiences.
4. Compliance & Configuration Reviews
+ Perform reviews against CIS Benchmarks and ensure alignment with corporate security policies and standards.
5. Security Evaluation & Collaboration
+ Contribute to overall product security posture and collaborate effectively across teams to drive secure product development.
Who you are:
+ Bachelor's degree in Computer Science, Computer Engineering, or other related discipline; equivalent experience may be acceptable
+ 2+ years of penetration testing experience (Cloud, ICS/OT/Integration, Thick Client, and/or Web Applications preferred)
+ Certified Ethical Hacker (CEH) Certificate / Offensive Security Certified Professional (OSCP) Certificate (preferred but not required)
+ Knowledge of secure coding techniques and how to break them
Cytiva, a Danaher operating company, offers a broad array of comprehensive, competitive benefit programs that add value to our lives. Whether it's a health care program or paid time off, our programs contribute to life beyond the job. Check out our benefits at Danaher Benefits Info.
Join our winning team today. Together, we'll accelerate the real-life impact of tomorrow's science and technology. We partner with customers across the globe to help them solve their most complex challenges, architecting solutions that bring the power of science to life.
For more information, visit .