Penetration Testing / Vulnerability Assessment

Role & Responsibilities

3–7 years of total experience, hands-on experience in penetration testing and application security across web portals, mobile apps, and APIs with focus on transaction-intensive platforms.
Proven track record of identifying and remediating critical vulnerabilities in at least 1 Govt/PSU project or equivalent audit.
Familiarity with e-procurement/financial system fraud paerns (bid manipulation, price tampering).Strong skills in session/token security, replay attack testing, API penetration, and fraud simulation.
controlled attempts to breach or misuse functional flows, verify enforcement of business rules, access controls, and data validations, and ensure secure, fail-safe handling of errors, concurrency, and integration failures.
Proven expertise in simulating fraud scenarios to identify how buyers/sellers may attempt to manipulate procurement workflows — e.g., bid rigging, price tampering, replay attacks, fake approvals, or bypassing maker-checker controls.
Track record of identifying and helping remediate critical vulnerabilities in at least one Government/PSU or equivalent highscale procurement/financial system.
Strong skills in authentication, session/token security, API penetration, input manipulation, and fraud simulation, with ability to highlight business impact of each exploit (financial loss, unfair deal awards, reputational risk).
Deep understanding of e procurement/ marketplace fraud patterns (e.g., forged bids, multi-account collusion, transaction replay, audit trail manipulation).
Proficient in advanced security tools such as Burp Suite, OWASP ZAP, Kali Linux, Metasploit, combined with custom scripting for attack simulation.
Education/Certifications: Bachelor’s in engineering/IT or equivalent. (B.Tech / BE / MCA)
Mandatory Certification: At least one advanced security credential such as OSCP, OSWE, CEH Practical, or CREST.

Ideal Candidate

Strong Application Security / Penetration Testing Profiles
Mandatory (Experience 1):Must have 3+ years of total experience in Penetration Testing / Vulnerability Assessment with hands-on experience across web applications, mobile apps, and APIs, especially in transaction-intensive platforms.
Mandatory (Experience 2):Must have strong hands-on experience in business logic testing and fraud simulation, including scenarios such as bid manipulation, price tampering, replay attacks, fake approvals, and maker-checker bypass.
Mandatory (Skills 1): Proficiency in advanced security testing tools such as Burp Suite, OWASP ZAP, Kali Linux, Metasploit, and ability to perform custom attack scripting.
Mandatory (Skills 2): Strong expertise in authentication, session/token security, API penetration, input manipulation, and fraud simulation, with the ability to highlight the business impact of each exploit (financial loss, unfair deal awards, reputational risk)
Mandatory (Education): Bachelor’s in Engineering/IT (B.Tech/BE) or MCA.
Mandatory (Certification): At least one advanced security credential: OSCP, OSWE, CEH Practical, or CREST.
Preferred: Proven track record of identifying and helping remediate critical vulnerabilities in at least one Government/PSU or equivalent high-scale procurement/financial system.

Skills: testing,fraud,penetration testing,procurement,security

Penetration Testing / Vulnerability Assessment

Key Skills

Related Jobs

Lead for Red Team and Penetration Testing

Back End Developer

Testing Specialist

Related Jobs

Lead for Red Team and Penetration Testing

Back End Developer

Testing Specialist

Cookie Settings