Penetration Tester
2 days ago
About Business line/Function:
ITG provides testing services for the BNP Paribas Group. The Security testing team is responsible for executing SAST and Penetration Tests (Black or Gray Box) for the Web and Mobile applications pertaining to the group.
Responsibilities
Direct Responsibilities
- To perform Penetration testing (Gray Box and/or Black Box) for Web applications, Mobile, API, and thick client applications.
- Hands-on mobile penetration tester with strong knowledge and experience in Android and iOS application security testing (both static and dynamic), responsible for discovering, validating and reporting security issues in mobile applications.
- Perform Static analysis (SAST) and Dynamic analysis (DAST) on Android APKs and iOS IPAs to identify insecure storage, hardcoded secrets, insecure configurations, runtime hooking, parameter tampering, etc.
- Conduct reverse engineering and protection bypass on mobile applications, including decompiling/inspecting binaries, analyzing native libraries, and bypassing client-side protections (root/jailbreak detection, SSL pinning, obfuscation, tamper checks, etc.) using tools like Frida, objection, Magisk, Cydia/Sileo/Zebra and Xposed.
- Strong research knowledge; should stay up to date with evolving mobile threats and industry standards (OWASP MASVS/MASTG).
- To understand the application's security requirements and identify & document the scope of the test.
- Ensure execution of the documented security scenarios for the application under test.
- Document and report all findings.
- Collaborate with the developers to help them understand the vulnerabilities reported in the application.
- Escalate issues to the local management and onshore stakeholders in case they affect the testing progress.
- Ensure the project's processes are followed for the assessments.
- Note: Mandatory requirement: Mobile, Web & API Penetration Testing.
- Optional: Experience in Source Code Assessment (SCA)/SAST.
Technical & Behavioral Competencies
- Clear understanding of OWASP Top 10 - application security risks
- Tools/OS: Burp Suite, OWASP ZAP, Kali Linux, MobSF, jadx, dex2jar, adb, Xcode, Frida, objection, apktool, plutil, otool.
- Manual Security Testing & Analysis, Security Test Designing
- Excellent Interpersonal and presentation skills
- Strong in verbal and written communication
- Good analytical skills
- Strong Time Management
- Must be flexible, independent, self-motivated.
- Team player
Specific Qualifications (if required)
CSSLP/CEH or equivalent certification preferred
Education Level:
Bachelor's degree or equivalent.
Experience Level
At least 3 years of relevant experience.