Website: tekshiras.com
Job details:
Key Responsibilities:
• Assist in the technical scoping of security testing activities based on client requirements and architecture reviews.
• Execute manual penetration testing across multiple domains, including:
o Web Application Penetration Testing
o Mobile Application Penetration Testing
o Web Services / API Penetration Testing
o Network Penetration Testing
o Thick Client Penetration Testing
• Conduct focused security research when not deployed on active engagements.
• Analyze and understand complex application, infrastructure, and solution architecture designs to identify security weaknesses.
• Provide consultative guidance to stakeholders on vulnerabilities identified, including clear and actionable remediation recommendations, both verbally and in writing.
• Prepare high-quality assessment reports with concise risk articulation and business-relevant recommendations.
• Enhance and update penetration testing methodologies, processes, playbooks, and standards documentation.
• Maintain technical proficiency through ongoing learning, certifications, and structured training paths.
• Effectively communicate the services, capabilities, and value proposition of the penetration testing team to internal and external stakeholders.
• Leverage automation and scripting, including AI-assisted and AI-integrated approaches, to improve testing efficiency and coverage.
• Support vulnerability research and exploit development activities using AI-enabled techniques where appropriate.
• Perform security testing for LLM-enabled applications and AI systems, including validation of common LLM-related risks and misuse scenarios.
Required Qualifications:
• Proven experience in manual Web Application Penetration Testing.
• Proven experience in manual Mobile Application Penetration Testing.
• Hands-on experience in API / Web Services Penetration Testing.
• Hands-on experience in Network Penetration Testing.
• Hands-on experience in Thick Client Penetration Testing.
• Strong understanding of common vulnerabilities, attack techniques, and remediation approaches across application and infrastructure security.
• Proficiency in analyzing complex architectures and identifying potential attack paths.
• Strong written and verbal communication skills, with the ability to explain technical findings to both technical and non-technical stakeholders.
• Ability to provide practical, risk-based, and actionable recommendations to clients.
• Experience with security testing tools, manual validation techniques, and scripting/automation to support testing activities.
Preferred Qualifications:
• Experience with automation and scripting for penetration testing use cases.
• Exposure to AI-assisted security testing, AI-supported exploit research, or AI-integrated offensive security workflows.
• Experience in LLM security testing, prompt injection testing, model misuse scenarios, and security assessment of AI-enabled applications.
• Relevant industry certifications such as OSCP, OSWE, OSEP, GPEN, GWAPT, GMOB, eCPPT, or equivalent.
• Familiarity with secure development practices and remediation validation.
• Experience working in global delivery models and supporting diverse stakeholder groups.
Key Responsibilities:
• Lead and support technical scoping of penetration testing and offensive security activities based on business needs, architecture, and risk profile.
• Perform advanced manual penetration testing across:
o Web Applications
o Mobile Applications
o Web Services / APIs
o Network environments
o Thick Client applications
• Assess complex application and infrastructure architectures to identify attack paths, design weaknesses, and security gaps.
• Validate vulnerabilities through hands-on testing and clearly distinguish exploitable findings from false positives.
• Provide consultative, risk-based guidance to clients and stakeholders on identified findings, including practical remediation recommendations in both verbal and written formats.
• Develop high-quality technical reports and executive-ready summaries that clearly articulate risk, business impact, and corrective actions.
• Conduct focused security research, vulnerability analysis, and exploit validation when not deployed on active engagements.
• Contribute to the enhancement of penetration testing methodologies, standards, playbooks, and internal processes.
• Maintain and expand technical proficiency through continuous learning, certifications, research, and training.
• Communicate team services and capabilities effectively to internal stakeholders and clients across global environments.
• Apply automation and scripting, including AI-assisted and AI-integrated techniques, to improve testing effectiveness and efficiency.
• Support emerging security testing areas such as AI-enabled applications, LLM security testing, and AI-assisted vulnerability research and exploit development.
• Manage multiple assignments concurrently, applying sound judgment to prioritize work, meet deadlines, and maintain quality.
Required Qualifications:
To be considered for this role, candidates should demonstrate the following:
• Proven experience in manual Web Application Penetration Testing.
• Proven experience in manual Mobile Application Penetration Testing.
• Hands-on experience in Web Services / API Penetration Testing.
• Hands-on experience in Network Penetration Testing.
• Hands-on experience in Thick Client Penetration Testing.
• Strong experience with common security testing tools such as Burp Suite, OWASP ZAP, Metasploit, Postman, Swagger, Nmap, Qualys, SQLMap, and similar tools.
• Experience using Kali Linux or other dedicated penetration testing operating system platforms.
• Advanced knowledge of network penetration testing, application penetration testing, and architectural security principles.
• Familiarity with software security weaknesses, common vulnerability classes, and attack techniques.
• Working knowledge of at least one scripting language such as Python, Bash, or PowerShell.
• Familiarity with at least one programming language and framework, enabling effective review and testing of application behavior.
• Strong written and verbal communication skills, including the ability to explain complex technical issues to varied audiences.
• Demonstrated experience working with diverse stakeholders, ideally in a global, multi-national environment.
• Ability to manage concurrent initiatives with effective prioritization, sound judgment, and strong time management.
Preferred Qualifications:
The following would be advantageous:
• Knowledge of or experience with:
o OWASP Top 10
o OWASP API Security Top 10
o OWASP Thick Client Top 10
o OWASP LLM Top 10
o MITRE ATT&CK Framework
• Experience in cloud service testing.
• Exposure to reverse engineering techniques.
• Familiarity with Static Application Security Testing (SAST).
• Familiarity with Dynamic Application Security Testing (DAST).
• Relevant certifications such as OSCP, OSWE, OSEP, GPEN, GWAPT, GMOB, eCPPT, or equivalent.
• Experience with AI-assisted testing workflows, security assessment of LLM-enabled applications, or modern offensive security automation approaches.