Sr. Information Security Consultant

1 week ago


Navi Mumbai, Maharashtra, India Tinycrows Private Limited Full time ₹ 12,00,000 - ₹ 36,00,000 per year

Position:
Sr. Information Security Consultant

Location:
Navi Mumbai, India

Experience:
Minimum of 4 to 5 years (relevant to the position and job responsibility)

Company Profile:

Tinycrows Private Limited is a budding cybersecurity firm working with BFSI, fintech, and technology-driven enterprises, dedicated to helping these businesses protect their digital assets and mitigate risks. At Tinycrows, we follow a 'shift left' cybersecurity approach to fortify the security of products. Our team of trusted professionals, with experience from top consulting firms like Microsoft and Deloitte, designs robust security solutions for various industries. We have a proven track record of implementing cybersecurity best practices for startups and large organizations, ensuring digital assets remain secure in today's threat landscape.

Role Description

Tinycrows has designed this role for a highly motivated and technically adept individual with strong expertise in Web and Mobile (iOS/Android) Application Penetration Testing. This role requires analysing, designing and implementing robust security to help the stakeholders maintain and strengthen their security posture. An ideal fit for this position is an individual who is passionate about offensive security, with a hands-on approach to identifying vulnerabilities, supporting secure development, and contributing to scalable AppSec initiatives. Exposure to Red Team operations, Active Directory attack paths, and cloud environments is a strong plus. The Consultant will work closely with clients to ensure the security of their digital assets.

Key Responsibilities

  • Execute in-depth security assessments and manual penetration testing of web and mobile applications.
  • Perform secure code reviews to identify flaws across various tech stacks (e.g., JavaScript, Java/Kotlin, Swift, Python).
  • Contribute to the automation and enhancement of internal testing frameworks, reporting tools, and reusable AppSec methodologies.
  • Leverage tools such as Burp Suite Pro, nmap, sqlmap, MobSF, Frida, Objection, Jadx, APKTool, and others as part of testing workflows.
  • Collaborate cross-functionally with developers, DevOps, and product teams to embed security across the SDLC.
  • Provide support and guidance to CISO, CIO and Product Team functions through security reviews for prospective products and services.
  • Transfer residual risks to the business/customer as required by the Client's risk management framework.
  • Collaborate with stakeholder and IT teams to support incident response and investigations, sharing security insights based on knowledge of the technology systems.
  • Seek out, build and maintain trusting relationships and partnerships with internal and external stakeholders in order to accomplish key business objectives, using influencing and negotiating skills to achieve outcomes.
  • Support Red Teaming engagements, including reconnaissance, initial access, and Active Directory exploitation techniques (e.g., Kerberoasting, ACL abuse, lateral movement).
  • Deliver detailed technical findings and clear, actionable remediation guidance to both technical and non-technical stakeholders.

Key Skills

  • Practical experience in web and mobile application security testing, including real-world vulnerability exploitation and security implementation.
  • Strong proficiency with offensive security tools such as Burp Suite Pro, nmap, sqlmap, MobSF, Frida, Objection, etc.
  • Understanding of common vulnerabilities and standards (e.g., OWASP Top 10, CWE, MITRE ATT&CK).
  • Basic experience with cloud security reviews, particularly for AWS, Azure, or GCP-hosted environments.
  • Familiarity with secure development practices, modern CI/CD pipelines, and DevSecOps integration.
  • Excellent verbal and written communication skills, with the ability to clearly explain technical findings to diverse audiences.
  • Comfortable working independently in a fast-paced, highly technical environment.
  • Excellent written and verbal communication skills along with the ability to work independently and remotely.
  • Current with the evolving threat landscape, emerging tools, and industry best practices in application security.

Preferred Qualifications

  • Formal Cyber Security qualification e.g. Degree/Masters or a well-recognized certification.
  • Exposure to Red Teaming techniques, Active Directory attack paths, and post-exploitation tooling (e.g., BloodHound, Rubeus, SharpHound).
  • Experience developing custom scripts or automation tooling using Python, Bash, or PowerShell.
  • Familiarity with SAST/DAST tools and API security testing methodologies.

Preferred Certifications

  • Industry certifications such as OSCP, OSEP, CRTP, eMAPT are a strong plus.

Perks of Joining Tinycrows

If you value growth, ownership, and learning over just stability and routine, a start-up can be the perfect place for you. At Tinycrows, we deal with real problems, fast pivots, and innovation: you learn by doing, not just by following manuals, and your work directly shapes the company's success and culture. You're not "just a cog in the wheel". You get exposure to the latest technologies, regulatory frameworks, and client-facing challenges, along with more autonomy, creativity, and ownership of projects. Apart from this, you also get:

  • Opportunity to be part of the core founding team and contribute to building security from the ground up.
  • Close collaboration with founders and key stakeholders (CISOs, CTOs, engineering leaders) ensuring your work directly influences strategic decisions.
  • Fast-paced, agile environment where innovation and curiosity are encouraged.
  • End-to-end ownership of security assessments, tooling, and strategy.
  • Steep learning curve with exposure to a wide variety of technologies and attack surfaces. Great opportunities to expand your role and accelerate your career path.
  • Collaborative team culture with support for skill-building and certifications.

This role requires the individual to work at the client's site. Therefore, working days, hours and holidays will be defined by the client.

