Senior Security Consultant

Are you a skilled penetration tester looking for an exciting new opportunity to take your career to the next level? Join our dynamic cybersecurity team, where you’ll have the chance to work on cutting-edge projects, including cloud security, reverse engineering, threat modelling, and product security.Who we are?Payatu is an ISO certified company where we strive to create a culture of excellence, growth and innovation that empowers our employees to reach new heights in their careers. We are young and passionate folks driven by the power of the latest and innovative technologies in IoT, AI/ML, Blockchain, and many other advanced technologies. We are on the mission of making Cyberworld safe for every organization, product, and individual.About the RoleWe are seeking an experienced and highly skilled Senior Security Consultant - Penetration Tester to join our growing cybersecurity team. The ideal candidate will possess a strong background as a security researcher with deep expertise in cloud security, thick client applications, threat modelling, reverse engineering, and product security. As a Senior Security Consultant, you will lead the discovery and mitigation of security vulnerabilities in client applications, infrastructure, and systems, delivering actionable insights to enhance security posture.You will play a critical role in both offensive security testing and strategic security consulting, collaborating with clients and internal teams to ensure secure product development, infrastructure, and cloud environments.Key Responsibilities·     Penetration Testing: Lead penetration tests on a variety of environments including cloud infrastructures (AWS, Azure, GCP), thick client applications, and enterprise systems.·      Cloud Security Research: Conduct advanced security research, vulnerability assessments, and exploitation testing for cloud platforms and services.·    Threat Modelling: Work closely with product teams and clients to create comprehensive threat models, identifying potential risks, vulnerabilities, and attack vectors.·    Reverse Engineering: Perform reverse engineering of binaries, software, and applications to identify vulnerabilities, develop exploits, and enhance product security.·  Security Advising: Provide security advisories and recommendations for improving secure coding practices, hardening systems, and adopting secure development lifecycles.·   Product Security: Assess and advise on the security posture of software products, focusing on security from design to deployment and beyond.·   Client Interaction: Serve as a trusted advisor to clients, offering detailed reports and presentations on penetration test results, security findings, and mitigation strategies.·   Team Leadership: Mentor and guide junior team members, helping to foster a strong security culture within the organization.·   Tool Development & Research: Develop custom security tools, scripts, and exploits to address new vulnerabilities and improve penetration testing efficiency.·  Continuous Learning: Stay up to date with emerging security threats, attack techniques, and security research in various domains, particularly cloud and product security.You Have All Our Desired Qualities, if:·      Minimum 3+ years of hands-on experience in penetration testing, security research, or related fields.·      Proven track record in performing complex security assessments on cloud environments (AWS, Azure, GCP), thick client applications, and enterprise systems.·      Strong experience with reverse engineering (static and dynamic analysis) of software and binaries.·      Expertise in threat modelling, risk assessment, and security design for software products.·      Extensive experience in vulnerability analysis and exploitation techniques across diverse platforms.You are a perfect technical fit if:·      Advanced knowledge of common penetration testing tools (Burp Suite, Metasploit, Wireshark, etc.).·      Deep understanding of cloud-native security issues and technologies (containers, Kubernetes, serverless, etc.).·      Strong knowledge of application security principles, including OWASP Top 10, secure coding practices, and common vulnerabilities.·      Understanding of product security practices and secure software development life cycles.·      Familiarity with common protocols (HTTP, SSL/TLS, DNS, etc.), encryption algorithms, and web security mechanisms.·      Experience with programming/scripting languages such as Python, Go, or C/C++.Certifications:·      Offensive Security Certified Professional (OSCP) or similar certifications such as CEH, CRTP, OSCE, or CISSP.·      Additional certifications or training in cloud security, reverse engineering, or product security are a plus.Soft Skills:·      Excellent communication skills to present findings and security concepts clearly to both technical and non-technical stakeholders.·      Strong problem-solving skills with the ability to think creatively and develop solutions to complex security challenges.·      Leadership capabilities to mentor and guide junior security consultants and researchers.·      Ability to work independently and manage multiple projects effectively under tight deadlines.Preferred Qualifications:·      Experience in developing custom security tools or exploits.·      Experience with threat hunting or advanced adversarial techniques.·      Familiarity with advanced attack frameworks like MITRE ATT&CK.Job Location: Bangalore/Pune