hirist

Test Engineer - Ethical Hacking

CREWKARMA NETWORKS PRIVATE LIMITED
5 - 7 Years
Delhi

Posted on: 17/04/2026

Job Description

Description :

- 3 to 7 years of total experience, with hands-on experience in penetration testing and application security across web portals, mobile apps, and APIs, with a focus on transaction-intensive platforms.

- Proven track record of identifying and remediating critical vulnerabilities in at least 1 Govt/PSU project or equivalent audit.

- Familiarity with e-procurement/financial system fraud patterns (bid manipulation, price tampering).


- Strong skills in session/token security, replay attack testing, API penetration, and fraud simulation.

- Controlled attempts to breach or misuse functional flows, verify enforcement of business rules, access controls, and data validations, and ensure secure, fail-safe handling of errors, concurrency, and integration failures.

- Proven expertise in simulating fraud scenarios to identify how buyers/sellers may attempt to manipulate procurement workflows, e.g., bid rigging, price tampering, replay attacks, fake approvals, or bypassing maker-checker controls.

- Track record of identifying and helping remediate critical vulnerabilities in at least one Government/PSU or equivalent high-scale procurement/financial system.

- Strong skills in authentication, session/token security, API penetration, input manipulation, and fraud simulation, with the ability to highlight the business impact of each exploit (financial loss, unfair deal awards, reputational risk).

- Deep understanding of e-procurement/marketplace fraud patterns (e.g., forged bids, multi-account collusion, transaction replay, audit trail manipulation).

- Proficient in advanced security tools such as Burp Suite, OWASP ZAP, Kali Linux, Metasploit, combined with custom scripting for attack simulation.

- Education/Certifications: Bachelor's in Engineering/IT or equivalent (B.Tech / BE / MCA).

- Mandatory Certification: At least one advanced security credential such as OSCP, OSWE, CEH Practical, or CREST.

Ideal Candidate :

- Strong Application Security/Penetration Testing Profiles

- Mandatory (Total Experience) : Must have 5+ years of total experience, of which a minimum of 3 years should be specifically in Penetration Testing / Vulnerability Assessment.

- Mandatory (Experience 2) : Must have strong hands-on experience in business logic testing and fraud simulation, including scenarios such as bid manipulation, price tampering, replay attacks, fake approvals, and maker-checker bypass.

- Mandatory (Skills 1) : Proficiency in advanced security testing tools such as Burp Suite, OWASP ZAP, Kali Linux, Metasploit, and ability to perform custom attack scripting.

- Mandatory (Skills 2) : Strong expertise in authentication, session/token security, API penetration, input manipulation, and fraud simulation, with the ability to highlight the business impact of each exploit (financial loss, unfair deal awards, reputational risk).

- Mandatory (Education) : Bachelor's in Engineering/IT (B.Tech/BE) or MCA.

- Mandatory (Certification) : At least one advanced security credential: OSCP, OSWE, CEH Practical, or CREST.

- Preferred : Proven track record of identifying and helping remediate critical vulnerabilities in at least one Government/PSU or equivalent high-scale procurement/financial system.

