Senior security consultant

Job DescriptionLocation: Remote (India preferred)Engagement: Full-timeCompensation: ₹9-13 LPA + ESOPRole SnapshotLead security research initiatives and work directly with the founding team to architect and scale APS (Autonomous Pentesting Solution), our flagship product that's redefining security testing with AI.Drive complex VAPT engagements, mentor the security team, and define the technical roadmap for autonomous security testing.Expect end-to-end ownership of product security features, strategic decision-making, and direct influence on company direction.What You'll TackleLead and execute end-to-end VAPT engagements across web applications, mobile apps, APIs, thick clients, and cloud infrastructure for high-profile clients.Architect core security modules within APS, designing and implementing advanced AI/LLM-driven vulnerability detection and exploitation systems.Conduct original vulnerability research, discover zero-days, and develop sophisticated exploitation techniques and attack chains.Lead technical discussions with clients, deliver executive-level security reports, and provide strategic remediation guidance.Mentor junior researchers and interns, conduct code reviews, and establish security research best practices.Drive the product roadmap by identifying new attack vectors, emerging threats, and innovative approaches to autonomous pentesting.Collaborate with the founding team on strategic initiatives, partnerships, and scaling the security research function.What Makes You a Strong Fit2-3 years of hands-on experience in penetration testing, security research, or offensive security roles with proven track record.Expert-level understanding of web, mobile, API, and thick client security with deep exploitation expertise across multiple attack surfaces.Notable achievements on Bugcrowd, Hacker One, or similar platforms (Hall of Fame, high-severity findings, or CVE contributions strongly preferred).Strong presence in the CTF community with top rankings, team leadership, or writeup contributions.Advanced proficiency with security tools and custom tool development (Burp Suite, Metasploit, Frida, custom Python frameworks).Demonstrated ability to discover and chain complex vulnerabilities for high-impact exploitation.Experience with cloud security (AWS/Azure/GCP), container security, or infrastructure pentesting.Strong Python development skills with portfolio of security automation tools or open-source contributions.Industry certifications such as OSCP, OSWE, OSEP, CPTS, or equivalent demonstrated expertise.Published security research, blog posts, conference presentations, or technical writeups.Excellent communication skills with ability to explain complex technical concepts to both technical and non-technical audiences.Proven leadership experience mentoring junior security professionals or leading technical initiatives.Interview ProcessFounder Call (45 min) — career trajectory, technical vision, culture add.Technical Assessment (72 h) — advanced multi-stage security challenge covering complex attack scenarios.Security Lead Round (90 min) — comprehensive technical deep dive, solution walkthrough, and strategic discussion.Offer LetterWhat You'll GainLeadership opportunity with direct impact on product strategy and company direction.Work closely with founders to build and scale a cutting-edge security product from the ground up.Exposure to cutting-edge AI/LLM integration in cybersecurity and opportunity to push the boundaries of autonomous security testing.Significant equity stake in a fast-growing security startup with strong market potential.Freedom to pursue original research, publish findings, and represent the company at security conferences.Competitive compensation package with performance-based growth opportunities.Flexible work arrangements and autonomy to drive technical decisions.How to ApplyEmail with:Resume or Linked In profile.Bugcrowd, Hacker One, Hack The Box, Try Hack Me profile links with notable achievements.Portfolio of security work (Git Hub, published research, CVEs, blog posts, conference talks, or significant vulnerability disclosures).