Vulnerability Researcher/Ethical Hacker
1 week ago
Description:
About the role:
We are hiring a hands-on Vulnerability Researcher and Ethical Hacker to find real security weaknesses before attackers do. You will run offensive security research across web, APIs, cloud, containers, binaries, and firmware. Your work will produce reproducible exploit proofs of concept, high-quality vulnerability reports, risk-based remediation guidance, and periodic threat briefs for product and engineering teams.
What you will do:
- Perform proactive offensive security testing of web applications, APIs, microservices, mobile apps, server software, containers, and cloud environments.
- Discover, verify, and exploit vulnerabilities to produce clear proof of concept exploits and remediation steps.
- Triage and validate incoming findings from scanners, bug bounty programs, and automated tools to reduce false positives and prioritize actionable issues.
- Reverse engineer binaries, libraries, and firmware to identify logic flaws, memory corruption, or insecure assumptions.
- Develop and run fuzzers, custom scanners, and automated test harnesses to surface hard-to-find issues.
- Build and maintain internal tooling, scripts, and exploit frameworks using Python, Go, or other appropriate languages.
- Collaborate with engineering to reproduce bugs, explain attack chains, and help implement fixes and mitigations.
- Produce clear, evidence-based vulnerability reports suitable for developers, security leadership, and compliance auditors.
- Participate in responsible disclosure, coordinate CVE submissions, and engage with third parties as needed.
- Keep current on attacker techniques, public advisories, and exploit trends. Share findings via internal training, playbooks, and red team exercises.
Required skills and experience:
or more years of hands-on offensive security, vulnerability research, or penetration testing experience.
- Strong web and API security skillset including common vulnerability classes such as authentication and authorization flaws, BOLA/IDOR, injection, SSRF, deserialization, and auth misuse.
- Solid experience with exploit development, proof of concept creation, and vulnerability triage.
- Proficiency in scripting and tooling. Python required. Experience with Go, Bash, or JavaScript is a plus.
- Familiarity with reverse engineering and binary analysis workflows. Comfortable with tools like Ghidra, IDA, radare2, or similar.
- Experience with fuzzing frameworks and techniques. Ability to design targeted fuzzers for complex code paths.
- Deep experience with security tooling: Burp Suite, ZAP, Wireshark, Metasploit, sqlmap, etc.
- Strong knowledge of cloud platforms and cloud security (AWS, GCP, or Azure) including common misconfigurations and identity issues.
- Comfortable working with containerized environments and Kubernetes security concepts.
- Excellent written and verbal communication. Able to produce developer-friendly remediation steps and concise vulnerability reports.
- Strong ethical mindset and understanding of legal and disclosure boundaries.