Group Specialist - Penetration Testing (Application & Infrastructure Security)

DP World -
Bengaluru, Karnataka

Quick apply

Job details

Full-time

Qualifications

BCS
Penetration testing
Authentication
Azure
Go
Cloud architecture
Law
Computer Science
COBIT
Supply chain
UNIX
Windows
Master's degree
Bash (Unix shell)
SOAP
Analysis skills
Nessus
Cloud security
Bachelor's degree
JavaScript
Metasploit
Risk management
Conflict management
REST
Scripting
Burp Suite
APIs
ISO 27001
Linux
Nmap
GraphQL
AI
Communication skills
Python
PowerShell
Active Directory
Time management
VPN

Full job description

KEY ACCOUNTABILITIES

The ideal candidate should bring a balanced background across application security testing and infrastructure penetration testing, combined with the ability to write scripts, build tooling, automate test cases, analyze code/configurations, and integrate AI-enabled security tools into the testing lifecycle. The role requires close collaboration with engineering, infrastructure, cloud, SOC, architecture, and product teams to validate security posture, identify exploitable weaknesses, and drive remediation.
Modern testing workflows increasingly include AI-assisted capabilities. For example, PortSwigger documents Burp AI as a way to improve testing efficiency, understand complex technologies, and streamline authentication setup, while still keeping the tester in control. Microsoft also publishes current guidance for both penetration testing in Azure and LLM red teaming, which reflects the growing expectation that offensive security teams can test both traditional systems and AI-enabled systems.
Assist BUs in conducting access control reviews of their applications & systems
Perform hands-on penetration testing of web applications, APIs, mobile backends, middleware, and custom business applications.
Assess applications for vulnerabilities such as:
- Broken access control / BOLA
- Authentication and session management flaws
- Injection vulnerabilities
- Server-side request forgery (SSRF)
- Business logic abuse
- Client-side security weaknesses
- Insecure deserialization
- Misconfigurations and secrets exposure
Conduct authenticated and unauthenticated assessments across internet-facing and internal applications.
Test REST, SOAP, GraphQL, and modern API architectures.
Review application architecture, trust boundaries, and data flows to identify realistic attack paths.
Validate remediation fixes and perform re-testing.
Perform infrastructure penetration testing across:
- Internal and external networks
- Active Directory / Windows environments
- Linux and Unix servers
- Network devices and segmentation controls
- VPN, remote access, and identity-connected infrastructure
- Cloud environments and hybrid infrastructure
Assess privilege escalation paths, lateral movement opportunities, credential exposure, trust abuses, and weak administrative controls.
Conduct attack path testing across enterprise environments to identify high-risk chaining opportunities.
Evaluate resilience of endpoint, network, identity, and server controls against real-world attack techniques.

Evaluate and integrate modern AI-enabled testing capabilities into the pentesting workflow, such as:

AI-assisted web testing and workflow understanding
AI-enhanced reporting/documentation
AI-supported attack-path reasoning
AI-assisted code and configuration review
AI red teaming for LLM- or agent-based applications where relevnt
Always act as an ambassador for DP World when working; promoting and demonstrating positive behaviors in harmony with DP World’s Principles, values and culture; ensuring the highest level of safety is applied in all activities; understanding and following DP World’s Code of Conduct and Ethics policies
Perform other related duties as assigned

QUALIFICATIONS, EXPERIENCE AND SKILLS

Knowledge and Experience

Bachelor’s degree in computer science or equivalent
Should have 10-12 years of experience in application and infra pen testing.
Good understanding in E-commerce, logistics, supply chain & port operations applications will be an added advantage
Experience in establishing cyber & third-party risk management processes
Working knowledge of ISO 27001, COBIT 2019 etc.
Experience in working with Multinational Companies (MNC) is preferable

Soft Skills

Excellent communication & analytical skills
Program and Project management skills
Time management skills
Team player and conflict management skills
Coaching / guiding skills
Ability to adapt in a complex environment, loves challenges, with the will and drive to learn new things on his/her own
Cultural awareness

Technical Skills

Strong hands-on experience in application penetration testing and infrastructure penetration testing.
Strong knowledge of:
- Web security testing
- API security testing
- Network and server exploitation fundamentals
- Active Directory attack techniques
- Windows and Linux internals
- Authentication, identity, and privilege escalation paths
- Cloud security fundamentals
Strong hands-on experience with tools such as:
- Burp Suite
- Nmap
- Metasploit
- BloodHound
- Responder / Impacket
- Nessus / Qualys
- Wireshark
- Custom scripts and offensive security frameworks
Strong programming / scripting skills in Python, PowerShell, Bash, JavaScript, or Go.
Ability to develop or modify tools, proof-of-concepts, payloads, and automation scripts.

Understanding of secure coding concepts and ability to review code snippets for security issues.

#LI-DP1

Quick apply

KEY ACCOUNTABILITIES

Jobseeker tools

Employer Tools

Browse

Stay Connected