Job Description
This role is for one of Weekday's clients
Salary range: Rs 200000 - Rs 2300000 (i.e., INR 2-23 LPA)
Experience: 3+ yrs
Location: Bengaluru, Pune, Chennai, NOIDA
Job Type: full-time
We are seeking a highly skilled Penetration Tester to assess, identify, and validate security vulnerabilities across web applications, APIs, networks, cloud environments, and enterprise systems. This role requires hands-on expertise in offensive security, red teaming, vulnerability assessment, and advanced penetration testing methodologies. The ideal candidate will possess deep knowledge of attack vectors, exploitation techniques, Active Directory attacks, and modern threat actor tactics while staying current with emerging vulnerabilities, exploits, and security trends. You will be responsible for conducting comprehensive security assessments, simulating real-world attack scenarios, and delivering actionable remediation recommendations to strengthen organizational security posture. The role also involves collaborating with technical teams, mentoring security professionals, and contributing to advanced security testing initiatives across diverse environments.
Requirements
Key Responsibilities
- Conduct comprehensive penetration testing across web applications, APIs, internal networks, external infrastructure, cloud environments, and enterprise systems.
- Perform vulnerability assessments, exploit validation, and security testing following established methodologies and rules of engagement.
- Execute advanced web application security testing using tools such as Burp Suite and other industry-standard frameworks.
- Assess Active Directory environments and perform security evaluations using modern attack techniques.
- Conduct red team exercises and adversary simulations to evaluate organizational security defenses.
- Analyze and validate security vulnerabilities while providing detailed remediation recommendations.
- Perform network penetration testing while understanding security monitoring controls and detection mechanisms.
- Evaluate cloud security configurations and identify risks associated with cloud deployments.
- Utilize scripting and automation techniques to enhance testing efficiency and coverage.
- Document findings, prepare technical reports, and present security risks to stakeholders.
- Stay updated with the latest exploits, attack techniques, threat intelligence, and cybersecurity trends.
- Collaborate with security, infrastructure, and development teams to improve overall security posture.
- Lead security testing engagements and provide technical guidance to junior team members where required.
What Makes You a Great Fit
- Strong hands-on experience in penetration testing, vulnerability assessment, and offensive security operations.
- Expertise in web application security testing and OWASP Top 10 vulnerabilities.
- Proficiency with Burp Suite and other penetration testing tools and frameworks.
- Experience conducting network, web, API, wireless, and red team security assessments.
- Strong understanding of attack vectors, exploitation techniques, and vulnerability remediation processes.
- Deep knowledge of TCP/IP networking, operating systems, and security architecture.
- Experience with scripting or programming languages such as Python, Bash, PowerShell, Java, Golang, or similar.
- Familiarity with the MITRE ATT&CK framework and modern threat actor tactics, techniques, and procedures (TTPs).
- Strong understanding of Active Directory security and attack methodologies.
- Knowledge of cloud security concepts and cloud-based attack vectors.
- Relevant offensive security certifications such as OSCP, OSEP, OSCE, GPEN, GWAPT, CRTP, CRTO, CREST CRT, AWS Security Specialty, or equivalent certifications are highly valued.
- Excellent analytical, problem-solving, communication, and report-writing skills.
- Ability to work independently and collaboratively in complex technical environments.
- Passion for continuous learning and contributing to the cybersecurity community through research, open-source projects, publications, or vulnerability disclosures.