Requirements
Responsibilities:
Conduct black-box penetration testing of web applications and APIs to identify vulnerabilities, security weaknesses, and potential entry points.
Perform manual and automated penetration testing techniques to simulate real-world attack scenarios and uncover system vulnerabilities.
Execute various testing methodologies, including but not limited to vulnerability scanning, penetration testing, and security assessment.
Collaborate with development and infrastructure teams to understand the application architecture and identify potential security risks.
Create detailed reports documenting the identified vulnerabilities, their potential impact, and recommended remediation strategies.
Stay up to date with the latest security threats, vulnerabilities, and industry best practices to continually enhance penetration testing techniques.
Participate in team meetings, discussions, and knowledge-sharing sessions to contribute to the overall growth and success of the company.
Requirements:
Minimum of 2 years of experience in penetration testing, specifically in web application and API security.
Strong understanding of web technologies, protocols, and frameworks (e.g., HTTP, HTML, CSS, JavaScript).
Proficient in using penetration testing tools and frameworks, such as Burp Suite, OWASP ZAP, or similar.
In-depth knowledge of common web application vulnerabilities (e.g., OWASP Top 10) and their exploitation techniques.
Familiarity with API security testing, including authentication, authorization, and API endpoint vulnerabilities.
Ability to analyze and interpret security scan results, identify false positives, and prioritize critical vulnerabilities.
Excellent written and verbal communication skills to effectively communicate findings and recommendations to technical and non-technical stakeholders.
Relevant certifications such as OSCP, OSCE, CEH, or similar will be considered a plus.
Self-motivated, detail-oriented, and able to work independently as well as in a team environment.
About the Company
Security Lit Ltd, a New Zealand-headquartered cybersecurity company recently established as a Private Limited Company in India, is seeking a skilled and motivated Black-Box Penetration Tester to join our team in Mumbai. As a Black-Box Penetration Tester, you will be responsible for assessing the security posture of web applications and APIs through comprehensive penetration testing.