460 Security Tester jobs in India

AI Safety Specialist

We are seeking detail-oriented professionals to test and evaluate AI-generated content.

• Conduct thorough evaluations of large language models (LLMs) to identify potential security risks.
• Evaluate AI prompts across multiple domains to uncover possible weaknesses.
• Develop robust test cases to assess accuracy, bias, toxicity, hallucinations, and misuse potential in AI-generated responses.
• Collaborate with data scientists and safety researchers to report findings and suggest mitigations.
• Perform manual quality assurance and content validation ensuring factual consistency, coherence, and adherence to guidelines.
• Create evaluation frameworks and scoring rubrics for prompt performance and safety compliance.

Requirements:

• Proven experience in AI safety testing or adversarial prompt design.
• Familiarity with prompt engineering, NLP tasks, and ethical considerations in generative AI.
• Strong background in Quality Assurance, content review, or test case development for AI/ML systems.
• Understanding of LLM behavior's, failure modes, and model evaluation metrics.
• Excellent critical thinking, pattern recognition, and analytical writing skills.

Prior work with teams focused on LLM safety initiatives is preferred.

We're building something audacious, something global, in next tech at Mai Labs : a new digital infrastructure layer, an internet architectural rail that puts users, builders, creators and developers first. Our mission? To distribute participatory power to billions of people in the digital economy.

What this actually means: We have built our own L1 blockchain, and a backend technical structure for protocols and ecosystem to make digital infrastructure efficient, secure and more accessible. Our global products and tools are natively built for web 3.0 world. You will work with teams working on tech products across blockchain, and distributed systems – for a real-world problem solving.

We're taking on established paths and conventional wisdom about how the Tech and Internet should work. Underlying principle is to solve the hard problem of protecting user rights, digital intellectual property rights and protection of assets in an age of AI and instant replication.

Cultural Expectations: Our start-up journey involves constant evolution and adaptation to market dynamics. People work on strategizing entirely new systems with a hands-on approach, within short time frames. Resources consciousness is high, and you get the freedom to operate across products, do your best work, and stand ahead in the tech curve. You can expect:

- Thriving in decision-making in an ambiguous, fast-paced environment

- To exhibit exceptional integrity and reliability in promise delivery

- Will collaborative and have an inclusive attitude

- A value outcome driven thinking with resource optimization

If above resonates with you, we will love to have a discussion with you.

Current Role: Ethical Hacker L2

We're building the future of decentralized infrastructure. Our mission is to make blockchain systems secure, scalable, and accessible—without compromising on privacy or performance. We’re looking for a curious and driven Ethical Hacker to help us stress-test, break, and ultimately harden our Web3 infrastructure.

Location: Noida (Remote) / 5 days

What will you get to do?

• Identify and exploit vulnerabilities in smart contracts, dApps & DeFi, and decentralized systems.
• Simulate real-world attacks on Layer 1/2 protocols, bridges, wallets, and other blockchain components.
• Develop internal tools and PoCs to automate security testing and fuzzing.
• Contribute to security best practices and awareness within the team.

Qualifications:

• Bachelor's/Master’s degree in Computer Science, Computer Engineering or related fields.
• 2+ years of experience in breaking the code to make it better.
• Strong fundamentals in cybersecurity, networking, or cryptography.
• Good understanding of Hyperledger Fabric or similar blockchain architectures (EVM, gas, tx lifecycle, etc.)
• Tinkered with smart contracts (Solidity, Vyper, etc.) and explored vulnerabilities like reentrancy, MEV, overflow/underflow. And good with writing scripts/tools in Python, Go, or JavaScript to automate findings.
• Active engagement with GitHub, CTF-obsessed, or HackerOne rated — we value skills over titles.

Hiring Process

• 3-4 rounds of interviews with Function, HR & senior leaders

Job Title: Senior Consultant – VAPT

Location: Mumbai, India

Experience: Minimum 3 Years

Job Type: Full-Time

Department: Cybersecurity / Information Security

Job Summary:

We are looking for a highly skilled and motivated Senior Consultant – VAPT to join our cybersecurity team in Mumbai. The ideal candidate will have a solid background in Vulnerability Assessment and Penetration Testing (VAPT) across web applications, mobile applications, infrastructure, and cloud environments. You will be responsible for conducting security assessments, identifying vulnerabilities, and providing actionable recommendations to improve our clients' security posture.

Key Responsibilities:

• Conduct end-to-end VAPT on:
• Web applications
• Mobile applications (Android/iOS)
• Internal and external networks
• Cloud environments (AWS, Azure, GCP)
• APIs and IoT devices (as applicable)
• Perform manual and automated security testing using industry-standard tools (e.G., Burp Suite, Nmap, Metasploit, Nessus, Nikto, etc.)
• Simulate real-world cyberattacks to uncover security weaknesses.
• Prepare detailed vulnerability assessment reports , risk analysis, and executive summaries for technical and non-technical stakeholders.
• Collaborate with clients to remediate identified vulnerabilities and re-test fixes as necessary.
• Stay updated on the latest security threats, vulnerabilities, tools, and best practices.
• Assist in developing security testing methodologies and improve internal testing frameworks.
• Mentor junior team members and support in training activities when required.
• Support pre-sales and proposal writing with technical inputs and scope definition when required.

Required Skills & Qualifications:

• Minimum 3 years of hands-on experience in VAPT roles.
• Strong knowledge of OWASP Top 10, SANS Top 25, and MITRE ATT&CK Framework.
• Experience in using tools such as:
• Burp Suite Pro, OWASP ZAP
• Kali Linux toolset (e.G., Nmap, Nikto, Hydra, SQLMap)
• Metasploit, Nessus, Nexpose, Qualys, Acunetix, etc.
• Good understanding of secure coding practices and common application/infrastructure vulnerabilities.
• Familiarity with scripting languages (Python, Bash, PowerShell) for custom tools or automation is a plus.
• Certifications such as OSCP, CEH, eCPPT, CRTP, or equivalent is highly desirable.
• Strong communication and documentation skills.
• Ability to work independently and in a team environment.
• Willingness to travel for on-site assessments if required.

Preferred Qualifications:

• Experience in Red Teaming or Purple Teaming engagements.
• Exposure to DevSecOps , CI/CD pipelines, or Secure SDLC processes.
• Experience with cloud security testing (AWS, Azure, GCP).
• Knowledge of regulatory frameworks (PCI-DSS, ISO 27001, NIST, etc.)

We're building something audacious, something global, in next tech at Mai Labs : a new digital infrastructure layer, an internet architectural rail that puts users, builders, creators and developers first. Our mission? To distribute participatory power to billions of people in the digital economy.

What this actually means: We have built our own L1 blockchain, and a backend technical structure for protocols and ecosystem to make digital infrastructure efficient, secure and more accessible. Our global products and tools are natively built for web 3.0 world. You will work with teams working on tech products across blockchain, and distributed systems – for a real-world problem solving.

We're taking on established paths and conventional wisdom about how the Tech and Internet should work. Underlying principle is to solve the hard problem of protecting user rights, digital intellectual property rights and protection of assets in an age of AI and instant replication.

Cultural Expectations: Our start-up journey involves constant evolution and adaptation to market dynamics. People work on strategizing entirely new systems with a hands-on approach, within short time frames. Resources consciousness is high, and you get the freedom to operate across products, do your best work, and stand ahead in the tech curve. You can expect:

- Thriving in decision-making in an ambiguous, fast-paced environment

- To exhibit exceptional integrity and reliability in promise delivery

- Will collaborative and have an inclusive attitude

- A value outcome driven thinking with resource optimization

If above resonates with you, we will love to have a discussion with you.

Current Role: Ethical Hacker L2

We're building the future of decentralized infrastructure. Our mission is to make blockchain systems secure, scalable, and accessible—without compromising on privacy or performance. We’re looking for a curious and driven Ethical Hacker to help us stress-test, break, and ultimately harden our Web3 infrastructure.

Location: Noida (Remote) / 5 days

What will you get to do?

• Identify and exploit vulnerabilities in smart contracts, dApps & DeFi, and decentralized systems.
• Simulate real-world attacks on Layer 1/2 protocols, bridges, wallets, and other blockchain components.
• Develop internal tools and PoCs to automate security testing and fuzzing.
• Contribute to security best practices and awareness within the team.

Qualifications:

• Bachelor's/Master’s degree in Computer Science, Computer Engineering or related fields.
• 2+ years of experience in breaking the code to make it better.
• Strong fundamentals in cybersecurity, networking, or cryptography.
• Good understanding of Hyperledger Fabric or similar blockchain architectures (EVM, gas, tx lifecycle, etc.)
• Tinkered with smart contracts (Solidity, Vyper, etc.) and explored vulnerabilities like reentrancy, MEV, overflow/underflow. And good with writing scripts/tools in Python, Go, or JavaScript to automate findings.
• Active engagement with GitHub, CTF-obsessed, or HackerOne rated — we value skills over titles.

Hiring Process

• 3-4 rounds of interviews with Function, HR & senior leaders

Mizuho Global Services Pvt Ltd (MGS) is a subsidiary company of Mizuho Bank, Ltd, which is one of the largest banks or so called ‘Mega Banks’ of Japan. MGS was established in the year 2020 as part of Mizuho’s long term strategy of creating a captive global processing centre for remotely handling banking and IT related operations of Mizuho Bank’s domestic and overseas offices and Mizuho’s group companies across the globe.

At Mizuho we are committed to a culture that is driven by ethical values and supports diversity in all its forms for its talent pool. Direction of MGS’s development is paved by its three key pillars, which are Mutual Respect, Discipline and Transparency, which are set as the baseline of every process and operation carried out at MGS.

What’s in it for you?

o Immense exposure and learning

o Excellent career growth

o Company of highly passionate leaders and mentors

o Ability to build things from scratch

Know more about MGS:

Job Title - VAPT SME

Job Location - Chennai

Job Description :

We are seeking a highly skilled and experienced Vulnerability Assessment SME to join our dynamic team. You will play a critical role in safeguarding our organization's information assets by identifying, assessing, and mitigating vulnerabilities.

Roles and Responsibilities:

- Conduct vulnerability assessments using industry-leading tools (e.G., Nessus, Tenable, Qualys).

- Analyze vulnerability assessment results to identify and prioritize risks.

- Develop and maintain vulnerability management processes and procedures.

- Coordinate vulnerability remediation activities with relevant stakeholders.

- Perform penetration testing to assess the effectiveness of security controls.

- Stay up-to-date on the latest security threats and vulnerabilities.

Relevant Skills and Experience:

- 5-7 years of experience in vulnerability assessment, penetration testing.

- Strong understanding of vulnerability management concepts, principles, and best practices.

- Proficiency in using vulnerability assessment tools (e.G., Nessus, Tenable, Qualys).

- Experience in conducting penetration testing using various methodologies (e.G., black box, gray box, white box) and custom scripting.

- Knowledge of common security threats, vulnerabilities, and attack vectors.

- Experience with network and system security tools (e.G., firewalls, intrusion detection systems, antivirus).

- Experience with scripting languages (e.G., Python, PowerShell).

- Experience with cloud security (e.G., AWS, Azure, GCP).

- Familiar with KALI Linux & Parrot OS Qualifications:

- Bachelor's degree in computer science, information technology, or a related field.

- Security certifications (e.G., CISSP, CISM, CEH, OSCP).

- Strong problem-solving and analytical skills.

- Excellent communication and interpersonal skills.

- Ability to work independently and as part of a team. Additional Skills (Preferred):

- Experience with source code analysis tools.

- Experience with web application security testing.

- Experience with mobile application security testing.

- Experience with security incident response

Address: 16th Floor, Tower-B Brigade, World Trade centre, 142, Rajiv Gandhi Salai, OMR, Perungudi, Chennai, Tamil Nadu ,

Life on the team

A highly skilled and motivated Penetration Tester to join our dynamic cybersecurity team. In this role, you will be responsible for identifying vulnerabilities in our systems, applications, and networks through various penetration testing methodologies. You will play a critical role in strengthening our security posture and protecting our valuable assets from cyber threats.

What you’ll do

Core Responsibilities:

• Conduct comprehensive penetration tests: Execute internal and external network penetration tests, web application penetration tests, mobile application penetration tests, API penetration tests, cloud security assessments, and social engineering simulations.
• Vulnerability identification and analysis: Research, identify, and exploit security vulnerabilities in a variety of systems and applications.
• Red/Purple/Blue Teaming: participate in exercises with the goal of increasing cyber resilience for both offensive and defensive.
• Reporting and documentation: Prepare detailed and professional penetration test reports, including executive summaries, technical findings, risk ratings, and actionable recommendations for remediation.
• Collaboration and communication: Work closely with development, operations, and security teams to communicate findings, explain risks, and provide guidance on remediation strategies.
• Tooling and methodology enhancement: Continuously research and evaluate new penetration testing tools, techniques, and methodologies to improve testing efficiency and effectiveness.
• Security awareness: Contribute to the development and delivery of security awareness training for internal staff.
• Stay current: Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices.
• Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws.
• Ad-hoc security testing: Perform ad-hoc security assessments and provide expert advice on security-related matters as needed.

Critical Success Factors:

• Strong ethical hacking mindset: A genuine passion for breaking things and understanding how they work, coupled with an unwavering commitment to ethical conduct.
• Analytical and problem-solving skills: Ability to dissect complex systems, identify subtle vulnerabilities, and devise creative attack scenarios.
• Attention to detail: Meticulous in documenting findings and ensuring accuracy in reporting.
• Excellent communication skills: Ability to clearly and concisely communicate highly technical information to both technical and non-technical audiences, both verbally and in writing.
• Proactive and self-motivated: Ability to work independently and manage multiple projects simultaneously, demonstrating initiative and ownership.
• Adaptability and continuous learning: Eagerness to learn new technologies, tools, and methodologies in a rapidly evolving threat landscape.
• Results-oriented: Focus on delivering high-quality, impactful security assessments that drive tangible

What you’ll need

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• 10+ Years of experience
• OSCP, PNPT or equivalent certification
• At least three years’ experience working full-time as a penetration tester on the following areas as a minimum:
• Infrastructure
• Active Directory networks
• Web Application penetration testing
• Cloud security (Entra ID/Azure)
• (optional) IoT
• (optional) mobile
• (optional) physical security / social engineering
• Ability to develop custom tools, or adapt existing tooling for the task at hand
• (optional) public blogs, research or talks
• (optional) demonstrable experience contributing to open-source tools

Skills and Competencies

• Strong Knowledge in SIEM operations, Threat operations, security monitoring, SOC operations, ASM, incident response, and log management.
• Strong knowledge of tools and technologies such as MS Sentinel, ELM, SOAR, EDR solutions, and other SOC tooling.
• Familiarity with frameworks such as MITRE ATT&CK, NIST CSF, and ISO 27001.
• Exceptional leadership, communication, and stakeholder management skills.
• Participation and leading projects
• Full understanding of NIST 2 Domains and sub domains for SOC Operations
• CRTO, OSCE, OSEP, PEN-300, GXPN or equivalent certification (note: reasonable exceptions will be considered, e.G. years of experience, contribution to the field, etc.)
• At least five years' experience
• Coding experience
• Experience in training others, or managing teams

JOB DESCRIPTION :

Position : Senior VAPT Consultant

Experience : 8+ years

Loc : Bengaluru

CTC : 35 % Hike on current CTC

Job type : Fulltime(Onsite)

Job Description

We are seeking an experienced and highly skilled Senior VAPT Consultant with 8+ years of hands-on experience in offensive security. The ideal candidate will possess deep technical expertise in assessing and securing complex enterprise environments, including Active Directory, web applications, networks, cloud infrastructures, APIs, and advanced adversarial simulation. This role demands a strong ability to lead engagements, mentor junior consultants, deliver high-quality technical reports, and interface with clients to provide both tactical and strategic security recommendations.

Key Responsibilities:

· Lead and conduct end-to-end penetration testing engagements across web applications, mobile apps, APIs, networks, WiFi, Active Directory, and cloud platforms (AWS, Azure, GCP).

· Execute red team and adversary simulation exercises, including phishing, lateral movement, persistence, and data exfiltration scenarios.

· Perform advanced Active Directory exploitation (on-prem, Azure AD, hybrid environments) including Kerberoasting, unconstrained delegation, golden/silver tickets, and modern AD attack chains.

· Assess and exploit cloud-native vulnerabilities, IAM misconfigurations, container/Kubernetes environments, and serverless workloads.

· Conduct wireless/WiFi pentesting (WEP/WPA/WPA2/WPA3 attacks, rogue AP, evil twin).

· Perform basic to intermediate reverse engineering and exploit development for binaries, scripts, and mobile apps.

· Utilize frameworks and tools such as Burp Suite Pro, ZAP, Caido, Metasploit, Havoc/Mythic/Sliver C2, BloodHound, Mimikatz, Impacket, and custom scripts/exploits.

· Draft and review detailed penetration testing reports, Statements of Work (SoW), Rules of Engagement (RoE), and executive presentations.

· Mentor and guide junior consultants, providing technical leadership, peer review, and training.

· Work closely with clients to communicate findings, risk implications, remediation strategies, and overall security posture improvements.

Requirements

· 8+ years of proven experience in vulnerability assessment, penetration testing, and red team operations.

· Strong expertise in Active Directory exploitation and defenses (on-prem, hybrid, Azure AD).

· Advanced skills in web application, API, and network penetration testing.

· Proficiency in cloud penetration testing (AWS, Azure, GCP) including IAM, storage, networking, and serverless security.

· Strong understanding of exploit development, reverse engineering, and evasion techniques.

· Proficiency with industry-standard tools and custom exploit/script development.

· Solid knowledge of enterprise security technologies (SIEM, SOAR, Firewalls, IDS/IPS, AV/EDR/XDR).

· Strong technical writing and client-facing communication skills, including report drafting and delivery.

· Experience in leading teams, reviewing deliverables, and mentoring junior consultants.

Preferred Qualifications

· Offensive security certifications such as OSCP, OSEP, OSED, OSWE, OSEE, CRTP, CRTE, CREST, GXPN, or equivalent .

· Experience in IoT, hardware, and automotive penetration testing .

· Prior experience in adversary emulation and purple team exercises .

· Familiarity with DevSecOps pipelines and Secure SDLC integration .

Company Description-

Armoly Inc., through its initiative Bugstrace , is on a mission to build a strong community of Security Consultation Partners and Ethical Hackers . Our core service aids subscription-based clients in identifying and fixing security risks through trusted hacker partnerships. In addition, we offer expert-led cybersecurity consulting and provide industry-recognized edtech courses with certifications. As a credible source in the cybersecurity space, Armoly keeps you informed with the latest bug reports, threat intelligence, and global security news. Join us in building a safer digital future by connecting ethical hackers, securing businesses, and educating the next generation.

Role Description-

This is a remote, contract role for a Vulnerability Tester under the Partnership program. The Vulnerability Tester will conduct comprehensive security assessments to identify potential vulnerabilities, collaborate with ethical hackers to simulate cyber-attacks, and analyze systems for security weaknesses. Additionally, the tester will prepare detailed reports on findings, provide recommendations to mitigate risks, and stay updated with the latest security trends and vulnerabilities.

Qualifications-

• Experience in conducting security assessments and identifying vulnerabilities
• Knowledge of penetration testing methodologies and tools
• Proficiency in analyzing systems for security weaknesses
• Ability to prepare detailed reports and provide recommendations for risk mitigation
• Strong understanding of cybersecurity trends and vulnerabilities
• Excellent problem-solving and analytical skills
• Ability to work independently and remotely

Requirements-

-Proven experience in ethical hacking, bug bounty, or offensive security (e.G., HackerOne, Bugcrowd, OSCP, CEH).

-Strong understanding of OWASP Top 10, CVEs, and modern attack vectors.

-Familiarity with tools like Burp Suite, Nmap, Metasploit, Wireshark, etc.

-Ability to write clear and concise technical documentation.

-Commitment to ethical practices and NDA compliance.

Compensation-

• Commission-Based: You’ll be paid per validated vulnerability reported, based on severity, impact, and quality of work on your decided percentage.
• Transparent reward structure with bonus incentives for high-severity or novel findings.

Ready to hunt bugs and make systems safer?

Apply now with your resume, portfolio (if any), and past testing experience or bug bounty reports.

Submit to: LinkedIn Inbox.