Sr. Information Security Consultant
1 week ago
Position: Sr. Information Security Consultant
Location: Navi Mumbai, India
Experience: Minimum of 4 to 5 years (relevant to the position and job responsibility)
Company Profile:
Tinycrows Private Limited is a budding cybersecurity firm working with BFSI, fintech, and technology-driven enterprises dedicated to helping these businesses protect their digital assets and mitigate risks. At Tinycrows, we follow a 'shift left' cybersecurity approach to fortify the security of products. Our team of trusted professionals, with experience from top consulting firms like Microsoft and Deloitte, design robust security solutions for various industries. We have a proven track record of implementing cybersecurity best practices for startups and large organizations, ensuring digital assets remain secure in today's threat landscape.
Role Description
Tinycrows has designed this role for a highly motivated and technically adept individual with strong expertise in Web and Mobile (iOS/Android) Application Penetration Testing. This role requires analysing, designing and implementing robust security to help the stakeholders maintain and strengthen their security posture. An ideal fit for this position is an individual who is passionate about offensive security, with a hands-on approach to identifying vulnerabilities, supporting secure development, and contributing to scalable AppSec initiatives. Exposure to Red Team operations, Active Directory attack paths, and cloud environments is a strong plus. The Consultant will work closely with clients to ensure the security of their digital assets.
Key Responsibilities
- Execute in-depth security assessments and manual penetration testing of web and mobile applications.
- Perform secure code reviews to identify flaws across various tech stacks (e.g., JavaScript, Java/Kotlin, Swift, Python).
- Contribute to the automation and enhancement of internal testing frameworks, reporting tools, and reusable AppSec methodologies.
- Leverage tools such as Burp Suite Pro, nmap, sqlmap, MobSF, Frida, Objection, Jadx, APKTool, and others as part of testing workflows.
- Collaborate cross-functionally with developers, DevOps, and product teams to embed security across the SDLC.
- Provide support and guidance to the CISO, CIO and Product Team functions through security reviews for prospective products and services.
- Transfer of residual risks to the business/customer as required by the Client's risk management framework.
- Collaborate with stakeholders and IT teams to support incident response and investigations, using knowledge of the technology systems and sharing security insights.
- Seek out, build and maintain trusting relationships and partnerships with internal and external stakeholders in order to accomplish key business objectives, using influencing and negotiating skills to achieve outcomes.
- Support Red Teaming engagements, including reconnaissance, initial access, and Active Directory exploitation techniques (e.g., Kerberoasting, ACL abuse, lateral movement).
- Deliver detailed technical findings and clear, actionable remediation guidance to both technical and non-technical stakeholders.
Key Skills
- Practical experience in web and mobile application security testing, including real-world vulnerability exploitation and security implementation.
- Strong proficiency with offensive security tools such as Burp Suite Pro, nmap, sqlmap, MobSF, Frida, Objection, etc.
- Understanding of common vulnerabilities and standards (e.g., OWASP Top 10, CWE, MITRE ATT&CK).
- Basic experience with cloud security reviews, particularly for AWS, Azure, or GCP-hosted environments.
- Familiarity with secure development practices, modern CI/CD pipelines, and DevSecOps integration.
- Excellent verbal and written communication skills, with the ability to clearly explain technical findings to diverse audiences.
- Comfortable working independently in a fast-paced, highly technical environment.
- Excellent written and verbal communication skills along with the ability to work independently and remotely.
- Current with the evolving threat landscape, emerging tools, and industry best practices in application security.
Preferred Qualifications
- Formal Cyber Security qualification e.g. Degree/Masters or a well-recognized certification.
- Exposure to Red Teaming techniques, Active Directory attack paths, and post-exploitation tooling (e.g., BloodHound, Rubeus, SharpHound).
- Experience developing custom scripts or automation tooling using Python, Bash, or PowerShell.
- Familiarity with SAST/DAST tools and API security testing methodologies.
Preferred Certifications
- Industry certifications such as OSCP, OSEP, CRTP, eMAPT are a strong plus.
Perks of Joining Tinycrows
If you value growth, ownership, and learning over just stability and routine, a start-up can be the perfect place for you. At Tinycrows, we deal with real problems, fast pivots, and innovation: you learn by doing, not just following manuals, and your work directly shapes the company's success and culture. You're not "just a cog in the wheel". You get exposure to the latest technologies, regulatory frameworks, and client-facing challenges, along with more autonomy, creativity, and ownership of projects. Apart from this, you also get:
- Opportunity to be part of the core founding team and contribute to building security from the ground up.
- Close collaboration with founders and key stakeholders (CISOs, CTOs, engineering leaders) ensuring your work directly influences strategic decisions.
- Fast-paced, agile environment where innovation and curiosity are encouraged.
- End-to-end ownership of security assessments, tooling, and strategy.
- Steep learning curve with exposure to a wide variety of technologies and attack surfaces. Great opportunities to expand your role and accelerate your career path.
- Collaborative team culture with support for skill-building and certifications.
This role requires the individual to work at the client's site. Therefore, working days, hours and holidays will be defined by the client.