Sr. Information Security Consultant

1 week ago


Navi Mumbai, Maharashtra, India | Tinycrows Private Limited | Full time | ₹ 12,00,000 - ₹ 36,00,000 per year

Position: Sr. Information Security Consultant

Location: Navi Mumbai, India

Experience: Minimum of 4 to 5 years (relevant to the position and job responsibility)

Company Profile:

Tinycrows Private Limited is a budding cybersecurity firm working with BFSI, fintech, and technology-driven enterprises dedicated to helping these businesses protect their digital assets and mitigate risks. At Tinycrows, we follow a 'shift left' cybersecurity approach to fortify the security of products. Our team of trusted professionals, with experience from top consulting firms like Microsoft and Deloitte, design robust security solutions for various industries. We have a proven track record of implementing cybersecurity best practices for startups and large organizations, ensuring digital assets remain secure in today's threat landscape.

Role Description

Tinycrows has designed this role for a highly motivated and technically adept individual with strong expertise in Web and Mobile (iOS/Android) Application Penetration Testing. This role requires analysing, designing and implementing robust security to help the stakeholders maintain and strengthen their security posture. An ideal fit for this position is an individual who is passionate about offensive security, with a hands-on approach to identifying vulnerabilities, supporting secure development, and contributing to scalable AppSec initiatives. Exposure to Red Team operations, Active Directory attack paths, and cloud environments is a strong plus. The Consultant will work closely with clients to ensure the security of their digital assets.

Key Responsibilities

  • Execute in-depth security assessments and manual penetration testing of web and mobile applications.
  • Perform secure code reviews to identify flaws across various tech stacks (e.g., JavaScript, Java/Kotlin, Swift, Python).
  • Contribute to the automation and enhancement of internal testing frameworks, reporting tools, and reusable AppSec methodologies.
  • Leverage tools such as Burp Suite Pro, nmap, sqlmap, MobSF, Frida, Objection, Jadx, APKTool, and others as part of testing workflows.
  • Collaborate cross-functionally with developers, DevOps, and product teams to embed security across the SDLC.
  • Provide support and guidance to CISO, CIO and Product Team functions through security reviews of prospective products and services.
  • Transfer residual risks to the business/customer as required by the Client's risk management framework.
  • Collaborate with stakeholder and IT teams to support incident response and investigations, using knowledge of the technology systems and sharing security insights.
  • Seek out, build and maintain trusting relationships and partnerships with internal and external stakeholders in order to accomplish key business objectives, using influencing and negotiating skills to achieve outcomes.
  • Support Red Teaming engagements, including reconnaissance, initial access, and Active Directory exploitation techniques (e.g., Kerberoasting, ACL abuse, lateral movement).
  • Deliver detailed technical findings and clear, actionable remediation guidance to both technical and non-technical stakeholders.

Key Skills

  • Practical experience in web and mobile application security testing, including real-world vulnerability exploitation and security implementation.
  • Strong proficiency with offensive security tools such as Burp Suite Pro, nmap, sqlmap, MobSF, Frida, Objection, etc.
  • Understanding of common vulnerabilities and standards (e.g., OWASP Top 10, CWE, MITRE ATT&CK).
  • Basic experience with cloud security reviews, particularly for AWS, Azure, or GCP-hosted environments.
  • Familiarity with secure development practices, modern CI/CD pipelines, and DevSecOps integration.
  • Excellent verbal and written communication skills, with the ability to clearly explain technical findings to diverse audiences.
  • Comfortable working independently in a fast-paced, highly technical environment.
  • Excellent written and verbal communication skills along with the ability to work independently and remotely.
  • Current with the evolving threat landscape, emerging tools, and industry best practices in application security.

Preferred Qualifications

  • Formal Cyber Security qualification e.g. Degree/Masters or a well-recognized certification.
  • Exposure to Red Teaming techniques, Active Directory attack paths, and post-exploitation tooling (e.g., BloodHound, Rubeus, SharpHound).
  • Experience developing custom scripts or automation tooling using Python, Bash, or PowerShell.
  • Familiarity with SAST/DAST tools and API security testing methodologies.

Preferred Certifications

  • Industry certifications such as OSCP, OSEP, CRTP, eMAPT are a strong plus.

Perks of Joining Tinycrows

If you value growth, ownership, and learning over just stability and routine, a start-up can be the perfect place for you. At Tinycrows, we deal with real problems, fast pivots, and innovation — you learn by doing, not just following manuals, and your work directly shapes the company's success and culture — you're not "just a cog in the wheel". You get exposure to the latest technologies, regulatory frameworks, and client-facing challenges. You get more autonomy, creativity, and ownership of projects. Apart from this, you also get:

  • Opportunity to be part of the core founding team and contribute to building security from the ground up.
  • Close collaboration with founders and key stakeholders (CISOs, CTOs, engineering leaders) ensuring your work directly influences strategic decisions.
  • Fast-paced, agile environment where innovation and curiosity are encouraged.
  • End-to-end ownership of security assessments, tooling, and strategy.
  • Steep learning curve with exposure to a wide variety of technologies and attack surfaces. Great opportunities to expand your role and accelerate your career path.
  • Collaborative team culture with support for skill-building and certifications.

This role requires the individual to work at the client's site. Therefore, working days, hours and holidays will be defined by the client.


