Description :

About Qualitrix :

Qualitrix (www.qualitrix.com) is a leading digital testing boutique firm providing a complete portfolio of software quality engineering and testing solutions through a flexible combination of its on-shore, off-shore and crowdsourced workforce. Our clients range from growth stage start-ups to unicorns, to fortune 500 firms cutting across industries and covering the latest technologies in digital, cloud and IoT space.

Our Vision : To make every digital user happy

Our Mission : To deliver a best seller app by continuously improving it on all quality dimensions, faster and cheaper.

Our unique value proposition :

- Maximize automation, technology and user engagement to predict the accuracy and market alignment.

- Innovate in QA products and platforms : TaaS cloud platform (oprimes), full-stack test automation solution (Infinitum), fully-equipped digital QA lab on cloud, accelerators built over open source stack.

- Thought leadership to bring user engagement into QA lifecycle to derive continuous improvement and early digital innovation.

Company Size : Startup / Small Enterprise

Working Days : 5 days/week

Office Location : Connaught Place, Delhi

Role & Responsibilities :

- 3-7 years of total experience, hands-on experience in penetration testing and application security across web portals, mobile apps, and APIs with focus on transaction-intensive platforms.

- Proven track record of identifying and remediating critical vulnerabilities in at least 1 Govt/PSU project or equivalent audit.

- Familiarity with e-procurement/financial system fraud paerns (bid manipulation, price tampering).

- Strong skills in session/token security, replay attack testing, API penetration, and fraud simulation.

- Controlled attempts to breach or misuse functional flows, verify enforcement of business rules, access controls, and data validations, and ensure secure, fail-safe handling of errors, concurrency, and integration failures.

- Proven expertise in simulating fraud scenarios to identify how buyers/sellers may attempt to manipulate procurement workflows e.g., bid rigging, price tampering, replay attacks, fake approvals, or bypassing maker-checker controls.

- Track record of identifying and helping remediate critical vulnerabilities in at least one Government/PSU or equivalent highscale procurement/financial system.

- Strong skills in authentication, session/token security, API penetration, input manipulation, and fraud simulation, with ability to highlight business impact of each exploit (financial loss, unfair deal awards, reputational risk).

- Deep understanding of e procurement/ marketplace fraud patterns (e.g., forged bids, multi-account collusion, transaction replay, audit trail manipulation).

- Proficient in advanced security tools such as Burp Suite, OWASP ZAP, Kali Linux, Metasploit, combined with custom scripting for attack simulation.

- Education/Certifications : Bachelors in engineering/IT or equivalent. (B.Tech / BE / MCA)

- Mandatory Certification : At least one advanced security credential such as OSCP, OSWE, CEH Practical, or CREST.