Job Description

Do you love a career where you Experience, Grow & Contribute at the same time, while earning at least 10% above the market?
If so, we are excited to have bumped onto you.

Learn how we are redefining the
meaning of work
, and be a part of the team raved by Clients, Job-seekers and Employees.

If you are a USI-CTS -Cyber-Penetration Tester (Analyst) looking for excitement, challenge and stability in your work, then you would be glad to come across this page.

We are an IT Solutions Integrator/Consulting Firm helping our clients hire the right professional for an exciting long-term project. Here are a few details.

Check if you are up for maximizing your earning/growth potential, leveraging our Disruptive
Talent Solution.

Role:
USI-CTS -Cyber-Penetration Tester (Analyst)

Location:
HYDERABAD, India

Experience:

USI-CTS -Cyber-Penetration Tester (Analyst)

Key Responsibilities

• Assist in the technical scoping of security testing activities based on client requirements and architecture reviews.

• Execute manual penetration testing across multiple domains, including:

o Web Application Penetration Testing

o Mobile Application Penetration Testing

o Web Services / API Penetration Testing

o Network Penetration Testing

o Thick Client Penetration Testing

• Conduct focused security research when not deployed on active engagements.

• Analyze and understand complex application, infrastructure, and solution architecture designs to identify security weaknesses.

• Provide consultative guidance to stakeholders on vulnerabilities identified, including clear and actionable remediation recommendations, both verbally and in writing.

• Prepare high-quality assessment reports with concise risk articulation and business-relevant recommendations.

• Enhance and update penetration testing methodologies, processes, playbooks, and standards documentation.

• Maintain technical proficiency through ongoing learning, certifications, and structured training paths.

• Effectively communicate the services, capabilities, and value proposition of the penetration testing team to internal and external stakeholders.

• Leverage automation and scripting, including AI-assisted and AI-integrated approaches, to improve testing efficiency and coverage.

• Support vulnerability research and exploit development activities using AI-enabled techniques where appropriate.

• Perform security testing for LLM-enabled applications and AI systems, including validation of common LLM-related risks and misuse scenarios.

Required Qualifications

• Proven experience in manual Web Application Penetration Testing.

• Proven experience in manual Mobile Application Penetration Testing.

• Hands-on experience in API / Web Services Penetration Testing.

• Hands-on experience in Network Penetration Testing.

• Hands-on experience in Thick Client Penetration Testing.

• Strong understanding of common vulnerabilities, attack techniques, and remediation approaches across application and infrastructure security.

• Proficiency in analyzing complex architectures and identifying potential attack paths.

• Strong written and verbal communication skills, with the ability to explain technical findings to both technical and non-technical stakeholders.

• Ability to provide practical, risk-based, and actionable recommendations to clients.

• Experience with security testing tools, manual validation techniques, and scripting/automation to support testing activities.

Preferred Qualifications

• Experience with automation and scripting for penetration testing use cases.

• Exposure to AI-assisted security testing, AI-supported exploit research, or AI-integrated offensive security workflows.

• Experience in LLM security testing, prompt injection testing, model misuse scenarios, and security assessment of AI-enabled applications.

• Relevant industry certifications such as OSCP, OSWE, OSEP, GPEN, GWAPT, GMOB, eCPPT, or equivalent.

• Familiarity with secure development practices and remediation validation.

• Experience working in global delivery models and supporting diverse stakeholder groups.

Key Responsibilities

• Lead and support technical scoping of penetration testing and offensive security activities based on business needs, architecture, and risk profile.

• Perform advanced manual penetration testing across:

o Web Applications

o Mobile Applications

o Web Services / APIs

o Network environments

o Thick Client applications

• Assess complex application and infrastructure architectures to identify attack paths, design weaknesses, and security gaps.

• Validate vulnerabilities through hands-on testing and clearly distinguish exploitable findings from false positives.

• Provide consultative, risk-based guidance to clients and stakeholders on identified findings, including practical remediation recommendations in both verbal and written formats.

• Develop high-quality technical reports and executive-ready summaries that clearly articulate risk, business impact, and corrective actions.

• Conduct focused security research, vulnerability analysis, and exploit validation when not deployed on active engagements.

• Contribute to the enhancement of penetration testing methodologies, standards, playbooks, and internal processes.

• Maintain and expand technical proficiency through continuous learning, certifications, research, and training.

• Communicate team services and capabilities effectively to internal stakeholders and clients across global environments.

• Apply automation and scripting, including AI-assisted and AI-integrated techniques, to improve testing effectiveness and efficiency.

• Support emerging security testing areas such as AI-enabled applications, LLM security testing, and AI-assisted vulnerability research and exploit development.

• Manage multiple assignments concurrently, applying sound judgment to prioritize work, meet deadlines, and maintain quality.

Required Qualifications

To be considered for this role, candidates should demonstrate the following:

• Proven experience in manual Web Application Penetration Testing.

• Proven experience in manual Mobile Application Penetration Testing.

• Hands-on experience in Web Services / API Penetration Testing.

• Hands-on experience in Network Penetration Testing.

• Hands-on experience in Thick Client Penetration Testing.

• Strong experience with common security testing tools such as Burp Suite, OWASP ZAP, Metasploit, Postman, Swagger, Nmap, Qualys, SQLMap, and similar tools.

• Experience using Kali Linux or other dedicated penetration testing operating system platforms.

• Advanced knowledge of network penetration testing, application penetration testing, and architectural security principles.

• Familiarity with software security weaknesses, common vulnerability classes, and attack techniques.

• Working knowledge of at least one scripting language such as Python, Bash, or PowerShell.

• Familiarity with at least one programming language and framework, enabling effective review and testing of application behavior.

• Strong written and verbal communication skills, including the ability to explain complex technical issues to varied audiences.

• Demonstrated experience working with diverse stakeholders, ideally in a global, multi-national environment.

• Ability to manage concurrent initiatives with effective prioritization, sound judgment, and strong time management.

Preferred Qualifications

The following would be advantageous:

• Knowledge of or experience with:

o OWASP Top 10

o OWASP API Security Top 10

o OWASP Thick Client Top 10

o OWASP LLM Top 10

o MITRE ATT&CK Framework

• Experience in cloud service testing.

• Exposure to reverse engineering techniques.

• Familiarity with Static Application Security Testing (SAST).

• Familiarity with Dynamic Application Security Testing (DAST).

• Relevant certifications such as OSCP, OSWE, OSEP, GPEN, GWAPT, GMOB, eCPPT, or equivalent.

• Experience with AI-assisted testing workflows, security assessment of LLM-enabled applications, or modern offensive security automation approaches.

Role Overview
, candidates should demonstrate the following: