Qualitrix
Website: qualitrix.com
Job details:
We are looking for a skilled Application Security Engineer / Penetration Tester with strong expertise in web, mobile, and API security, along with hands-on experience in fraud simulation and business logic testing for high-scale, transaction-heavy systems.
Role & Responsibilities
Application Security & Penetration Testing
- Perform penetration testing and vulnerability assessments across web applications, mobile apps, and APIs
- Identify, exploit, and help remediate critical security vulnerabilities
- Conduct session/token security testing, API penetration, and input manipulation testing
- Use advanced tools such as Burp Suite, OWASP ZAP, Kali Linux, and Metasploit, along with custom scripts
Business Logic Testing & Fraud Simulation
- Simulate real-world fraud scenarios such as bid manipulation, price tampering, replay attacks, and fake approvals
- Test business logic vulnerabilities including maker-checker bypass, workflow manipulation, and access control gaps
- Validate data integrity, concurrency handling, and fail-safe mechanisms
- Highlight the business impact of vulnerabilities (financial loss, unfair transactions, reputational risk)
Domain-Specific Security
- Analyze and test e-procurement and financial systems for fraud patterns
- Identify risks like multi-account collusion, forged bids, audit trail manipulation, and transaction replay
Collaboration & Reporting
- Work closely with engineering and product teams to remediate vulnerabilities
- Deliver detailed reports with actionable insights and risk prioritization
- Ensure compliance with security standards and best practices
Ideal Candidate
- 5+ years of total experience, with 3+ years in Penetration Testing / Application Security
- Strong hands-on experience in business logic testing and fraud simulation
- Expertise in authentication, session/token security, API testing, and input manipulation
- Proven ability to identify and remediate critical vulnerabilities in large-scale systems
- Experience working on Government/PSU or high-scale financial/procurement platforms is a plus
Skills & Tools
- Proficiency in Burp Suite, OWASP ZAP, Kali Linux, Metasploit
- Ability to perform custom scripting for advanced attack simulations
- Strong understanding of application security frameworks and testing methodologies
Education & Certifications
- Bachelor’s degree in Engineering / IT (B.Tech / BE / MCA)
- At least one advanced certification: OSCP / OSWE / CEH Practical / CREST
Why Join?
- Work on high-impact, mission-critical systems
- Opportunity to solve complex security and fraud challenges
- Collaborate with cross-functional teams on cutting-edge security practices