Blogs

Security Tester

Job Information:

Work Experience: 3+ Years
Industry: IT Services
Job Type: FULL TIME
Location: Mohali, India

Role Overview:

We are looking for a skilled and proactive Security Tester / VAPT Engineer with hands-on experience in performing security assessments across multiple platforms, including Web Applications, Mobile Applications (Android & iOS), APIs, Network Infrastructure, and AI/LLM-based systems. The candidate should possess strong knowledge of offensive security techniques, secure development practices, and modern attack vectors. The role involves identifying vulnerabilities, validating exploitability, providing remediation guidance, and supporting secure product development initiatives.

Key Responsibilities:

Web Application Security Testing:

  • Perform comprehensive VAPT for web applications using manual and automated techniques.
  • Identify vulnerabilities such as:
  • OWASP Top 10
  • Authentication & Authorization flaws
  • Business logic issues
  • SSRF, SSTI, XXE, CSRF, RCE, IDOR, etc.
  • Conduct secure configuration reviews and threat analysis.
  • Validate remediation fixes and provide detailed reports.

Mobile Application Security Testing (Android & iOS):

  • Conduct security assessments of Android and iOS applications.
  • Perform:
  • Static & Dynamic Analysis
  • Runtime instrumentation
  • Reverse engineering
  • SSL pinning bypass
  • Root/Jailbreak detection bypass
  • Local storage & keychain analysis
  • Analyze APK/IPA files and identify insecure implementations.
  • Use tools such as Burp Suite, Frida, Objection, MobSF, JADX, Hopper, Ghidra, etc.

API Security Testing:

Perform security testing for REST, GraphQL, SOAP, and gRPC APIs.

Identify vulnerabilities such as:

  • Broken Object Level Authorization (BOLA)
  • Broken Authentication
  • Injection attacks
  • Rate limit bypass
  • Sensitive data exposure
  • Validate API authentication mechanisms including OAuth, JWT, API Keys, etc

Cloud Security Assessment:

  • Perform security assessments of cloud environments across AWS, Azure, and GCP.
  • Identify cloud security misconfigurations, exposed services, and access control weaknesses.
  • Review IAM configurations, storage security, and network security settings.
  • Provide remediation recommendations to improve the overall cloud security posture.

Network & Infrastructure Security:

Conduct network VAPT and infrastructure assessments.

  • Perform:
  • Port and service enumeration
  • Firewall review
  • Misconfiguration assessment
  • Internal and external network testing
  • Identify weaknesses in servers, cloud environments, VPNs, wireless networks, and exposed services.

AI / LLM Security Testing:

  • Perform security assessments for AI/LLM-based applications and integrations.
  • Test for:
  • Prompt Injection
  • Jailbreak attacks
  • Data leakage
  • Model manipulation
  • Insecure plugin/tool integrations
  • Excessive agency risks
  • Evaluate AI application security posture using frameworks such as:
  • OWASP Top 10 for LLMs

Reporting & Collaboration:

  • Prepare detailed VAPT reports with risk ratings, PoCs, and remediation guidance.
  • Coordinate with development and DevOps teams for vulnerability remediation.
  • Support security reviews, audits, and compliance activities.
  • Stay updated with the latest vulnerabilities, exploits, and security trends.

Skills & Abilities:

  • Strong understanding of VAPT methodologies and security concepts.
  • Hands-on experience with:
  • Burp Suite
  • Nmap
  • Nessus/OpenVAS
  • Wireshark
  • Metasploit
  • Frida
  • MobSF
  • Postman
  • OWASP ZAP
  • Good understanding of:
  • OWASP Top 10
  • OWASP Mobile Top 10
  • API Security Top 10
  • Network security concepts
  • AI/LLM security risks
  • Experience in manual testing and exploit validation.
  • Hands-on experience or good understanding of cloud security concepts across AWS, Azure, and/or GCP.
  • Ability to identify common cloud security misconfigurations and access control issues.
  • Strong report writing and communication skills.
  • Familiarity with scripting languages such as Python, Bash, or JavaScript is preferred.

Preferred Qualifications:

  • Certifications such as:
  • OSCP
  • CEH
  • eWPT
  • eMAPT
  • PNPT
  • CISSP
  • CompTIA Security+
  • Experience with CI/CD security integration and DevSecOps practices.
  • Exposure to red teaming or adversarial testing is a plus.


Good to Have:

  • Experience with AI red teaming or LLM security tooling.
  • Experience in thick client or desktop application testing.
  • Knowledge of container/Kubernetes security.
  • Familiarity with SAST/DAST tools.
  • Bug bounty or responsible disclosure experience.