Experience: 3+ years (application/infrastructure security)
Role summary
Own offensive testing and hardening: continuous security in CI/CD, threat-model support, penetration testing, and remediation verified against OWASP and other industry security standards.
Key responsibilities
- Run application and API penetration tests across mobile, web, and microservices; produce findings with severity and remediation guidance.
- Wire and tune SAST, DAST, SCA, IaC scanning, and secret scanning as CI/CD gates; manage the vulnerability lifecycle.
- Support STRIDE threat modeling during design and verify controls against OWASP Top 10 and ASVS.
- Harden infrastructure and configurations (API gateway/WAF, TLS, encryption at rest, KMS/HSM key handling, network baselines).
- Support SIEM integration, immutable audit logging, and incident-response runbooks.
- Validate remediation and produce penetration-test / compliance reports.
Required
- Hands-on web/API/mobile penetration testing (Burp Suite, OWASP ZAP, etc.) and secure-config hardening.
- Working knowledge of OWASP Top 10 / ASVS and secure SDLC; CI/CD security tooling (SAST/DAST/SCA/secret scanning).
- Cryptography fundamentals (TLS, AES, KMS/HSM) and IAM/auth security (OAuth2/JWT/MFA).
- Cloud and container security awareness (Kubernetes, IaC).
Nice to have
- Certifications: OSCP, CEH, GWAPT, or equivalent.
- SIEM and incident-response experience; regulated-industry security exposure.
Pay: ₹25,000.00 - ₹50,000.00 per month
Work Location: In person