Penetration Tester

About the RoleWe are looking for an experienced Cybersecurity Specialist to thoroughly test our SaaS product built using Laravel, Next.Js, Node.Js, MySQL, and MongoDB. The role involves identifying vulnerabilities, simulating real-world attacks, and ensuring our system is protected from threats such as malware, bot attacks, and data leakage. Scope of Security TestingThe security audit will cover, but not be limited to: Application Security Testing – SAST, DAST, IAST, OWASP Top 10 vulnerability checks.API Security Testing – authentication/authorization flaws, data exposure, rate-limiting, replay attacks.Database Security Testing – SQL injection (MySQL), NoSQL injection (MongoDB), encryption, DB access control.Infrastructure & Server Security Testing – cloud configuration audit, firewall review, network security, patch management.Penetration Testing – external and internal testing, red team simulations.Malware & Bot Attack Simulation – file upload vulnerabilities, malware injection, anti-bot measures.Authentication & Authorization Testing – weak password attacks, MFA testing, session hijacking prevention.Data Leakage & Privacy Testing – PII exposure checks, GDPR/CCPA compliance, log & error masking.Denial of Service (DoS/DDoS) Testing – stress/load testing, application-layer DoS prevention.Business Logic Security Testing – abuse of workflows, race condition testing. Key Responsibilities Perform comprehensive manual & automated security testing across the SaaS platform.Provide a detailed vulnerability assessment report with risk ratings and recommended fixes.Collaborate with the development team to implement security best practices.Re-test after fixes to ensure vulnerabilities are resolved. Required Skills & Experience Proven experience in penetration testing and web application security.Strong knowledge of Laravel, Next.Js, Node.Js, MySQL, MongoDB security considerations.Hands-on experience with OWASP Top 10, SAST, DAST, and vulnerability scanning tools.Expertise in SQL injection, NoSQL injection, XSS, CSRF, RCE, SSRF, privilege escalation testing.Familiarity with malware analysis and bot attack prevention techniques.Understanding of API security, encryption, and secure data handling.Experience with cloud security (AWS, Azure, or similar) is a plus.Relevant certifications (e.G., CEH, OSCP, CISSP) preferred. Deliverables Comprehensive security audit report.Actionable recommendations for remediation.Post-fix verification testing results.Initially, the role will be remote with a 4 PM to 12 AM IST shift, and later it will transition to an onsite position at our Noida office.