Senior Engineer - Security Testing

Location: Gurugram | Jul 22, 2025
 

RESPONSIBILITIES 

  • Perform penetration testing and vulnerability assessments on web, API, and mobile applications to identify security weaknesses 

  • Create new testing methods to identify vulnerabilities.  

  • Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses.  

  • Search for weaknesses in common software, web applications, and proprietary systems.  

  • Document and communicate findings (as per the ASVS checklist), risks, and recommendations in detailed reports for technical and non-technical stakeholders.

  • Review and provide feedback for information security fixes.  

  • Establish improvements for existing security services, including hardware, software, policies, and procedures.  

  • Identify areas where improvement is needed in security education and awareness for users. 

  • Be sensitive to corporate considerations when performing testing (i.e. minimize downtime and loss of employee productivity).  

  • Stay updated on emerging threats, security trends, and best practices in cybersecurity to improve testing methodologies 

REQUIRED 

  • 3-6 years of security vulnerability, exploitation, and penetration testing experience.

  • Experience with the OWASP Testing Guide / Open Source Security Testing Methodology Manual.

  • Experience deploying enterprise security testing solutions.  

  • Familiarity with Secure Development Lifecycle practices and Agile development with Continuous Delivery / Integration.  

  • Advanced understanding of security concepts and security best practices  

  • Understanding and familiarity with common code review methods and standards  

  • Experience with performing penetration testing and risk assessments against computer networks  

  • Background with Qualys, Tenable, and OpenVAS Vulnerability Scanners 

  • Ability to think analytically.  

  • Knowledge of technical systems and terminology.  

  • Proficiency in scripting languages.  

  • Ability to identify and exploit vulnerabilities.  

GOOD TO HAVE 

  • Relevant industry certifications like CEH, GPEN, OSCP, OSCE, CRTO, CRTP, PNPT, and experience working with frameworks like MITRE ATT&CK/D3FEND and security-related legal and regulatory requirements (ISO 27001, NIST, PCI DSS, etc.).

  • Strong problem-solving skills and leadership abilities, with good interpersonal skills to build relationships and communicate findings professionally, with fluency in written and spoken English.