Company Profile:
At CGI, we’re a team of builders. We call our employees members because all who join CGI are building their own company - one that has grown to 72,000 professionals located in 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability and dedicated professionals needed to achieve. At CGI, we’re a team of builders. We call our employees members because all who join CGI are building their own company - one that has grown to 72,000 professionals located in 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability and dedicated professionals needed to achieve results for our clients - and for our members. Come grow with us. Learn more at www.cgi.com.
This is a great opportunity to join a winning team. CGI offers a competitive compensation package with opportunities for growth and professional development. Benefits for full-time, permanent members start on the first day of employment and include a paid time-off program and profit participation and stock purchase plans. We wish to thank all applicants for their interest and effort in applying for this position, however, only candidates selected for interviews will be contacted. No unsolicited agency referrals please.
Job Title: IT Security, penetration testing L2
Category: Penetration Testing
Location: Bangalore
Employment Type: Full Time
Position ID: J0626-0802
Experience Required: 2-5 Years
Education Level: Bachelor's Degree or equivalent with at least 3-5 years of experience.
Job Summary:
We are looking for a highly motivated IT Security Analyst, Penetration Tester L2 with hands-on experience in Mobile, Web, and API Security Assessments. The candidate will be responsible for performing vulnerability assessments and penetration testing of enterprise applications, identifying security weaknesses, and collaborating with development teams to enhance application security posture.
Key Responsibilities:
Direct Responsibilities
. To perform Penetration testing (Gray Box and/or Black Box) for Web applications, Mobile, API, and thick client applications.
. Hands-on mobile penetration tester with strong knowledge and experience in Android and iOS application security testing (both static and dynamic), responsible for discovering, validating and reporting security issues in mobile applications.
. Perform Static analysis (SAST) and Dynamic analysis (DAST) on Android APKs and iOS IPA to identify insecure storage, hardcoded secrets, insecure configurations, runtime hooking, parameter tampering etc
. Conduct reverse engineering and protection bypass on mobile applications including decompiling /inspecting binaries, analyzing native libraries (.so/.dylib) and bypassing client-side protections (root / jailbreak detection, SSL pinning, obfuscation, tamper checks etc.) using tools like Frida, objection magisk, cydia/selio/zebra and Xposed.
. Strong research knowledge and should be updated with evolving mobile threats and industry standard (OWASP MASVS/MASTG)
. To understand the application's security requirements and identify & document the scope of the test.
. Ensure execution of the documented security scenarios for the application under test.
. Document and report all findings.
. Collaborate with the developers to help them understand the vulnerabilities reported in application.
. Escalate issues to the local management and onshore stakeholders in case it affects the testing progress.
. Ensure processes for the project is followed for the assessments.
Mandatory requirement
- Mobile, Web & API Penetration Testing
- Optional, experience in Source Code Assessment (SCA)/SAST.
Contributing Responsibilities
Technical & Behavioural Competencies
. Clear understanding of OWASP Top 10 - application security risks
. Tools/OS: Burp Suite, OWASP ZAP, Kali Linux, mobsf, jadx, dex2jar, adb, xcode, Frida, objection, apktool, putil, otool.
. Manual Security Testing & Analysis, Security Test Designing
. Excellent Interpersonal and presentation skills
. Strong in verbal and written communication
. Good analytical skills
. Strong Time Management
. Must be flexible, independent, self-motivated.
. Team player
Specific Qualifications:
CSSLP/CEH or equivalent certification preferred
Skills Referential (Required knowledge, skills and abilities)
Behavioural Skills:
. Ability to collaborate / Teamwork
. Attention to detail / rigor
. Adaptability
. Communication skills - oral & written