Mandatory tech Skills :

- 3+ years of experience in?vulnerability assessment and penetration testing?(of Website, Mobile apps & API) using manual discovery, thick client validation, and exploitation of web app and network vulnerabilities.

- Knowledge and work experience of doing Pen test using SAST and DAST approach

- Delving into the intricacies of web application security, network vulnerabilities, infrastructure weaknesses, API exposures, mobile app insecurities, and cloud?infrastructure risks.

- Proficiency in scanning & testing tools such as Nessus, Qualys WAS, BurpSuite, CheckMarX, Accunetix, Wireshark, etc.

- Hands on experience in testing diverse infra components including various enterprise platforms such as private clouds, Openshift infra, dockers/container infra etc.

- Thorough experience in configurations reviews (Manual and Automated) against CIS benchmarks and security standards.

- Knowledge of OWASP Top 10

- Conduct port scanning, banner grabbing, service enumeration, and protocol-level analysis.

- Exploit discovered vulnerabilities using manual methods and custom scripts (e.g., Python, Bash)

Bonus Skills (Not Required but Nice to Have) :

- Experience with Active Directory attacks (Kerberoasting, Pass-the-Hash, etc.)

- Cloud security pentesting (AWS IAM misconfigurations, S3 bucket checks).

- Familiarity with scripting (Python, Bash, PowerShell) for automation or exploitation.

- Red team exposure or purple team engagements