Description :

Roles & Responsibilities :

- Conduct penetration testing and red team assessments on web applications, APIs, networks, cloud environments, and CI/CD pipelines.

- Identify and exploit advanced vulnerabilities, including authentication/authorization bypass, business logic flaws, privilege escalation, and chained attacks.

- Assess and secure cloud platforms such as AWS, Azure, and GCP, including identity, configuration, and service-level risks.

- Simulate real-world attack scenarios using red team tactics, techniques, and procedures (TTPs).

- Test and validate security in CI/CD pipelines, containerized environments, and DevSecOps workflows.

- Assess AI/LLM-based systems for prompt injection, model abuse, and data leakage.

- Prepare detailed penetration test and red team reports, including PoCs, risk assessment, and remediation recommendations.

- Collaborate with development, DevOps, and security teams to implement security improvements.

- Stay updated with the latest vulnerabilities, attack techniques, and threat intelligence.

What Were Looking For :

- 5 to 9 years of experience in Application Security / Red Team / Penetration Testing

- Strong hands on experience with Burp Suite, Metasploit, Cobalt Strike, Kali ?

- Expertise in Web, API, Cloud (AWS/Azure/GCP), Network & CI/CD Security

- Experience with advanced vulnerability exploitation (auth issues, logic flaws, privilege escalation)

- Exposure to AI/LLM security prompt injection, model abuse, data leakage

- Strong scripting skills Python, PowerShell, Bash, Java, C/C++ ??

Certifications :

- OSCP Mandatory

- OSCE / OSWE Highly Preferred

- CEH, GWAPT, OSEP, CRTO Added advantage