CG-VAK Software & Exports Ltd.
Penetration Testing / Vulnerability Assessment
CG-VAK Software & Exports Ltd. | India | 8 hours ago
Full-time | Quality Assurance
Role & Responsibilities

  • 3–7 years of total experience, with hands-on experience in penetration testing and application security across web portals, mobile apps, and APIs, with a focus on transaction-intensive platforms.
  • Proven track record of identifying and remediating critical vulnerabilities in at least 1 Govt/PSU project or equivalent audit.
  • Familiarity with e-procurement/financial system fraud patterns (bid manipulation, price tampering). Strong skills in session/token security, replay attack testing, API penetration, and fraud simulation.
  • Perform controlled attempts to breach or misuse functional flows, verify enforcement of business rules, access controls, and data validations, and ensure secure, fail-safe handling of errors, concurrency, and integration failures.
  • Proven expertise in simulating fraud scenarios to identify how buyers/sellers may attempt to manipulate procurement workflows — e.g., bid rigging, price tampering, replay attacks, fake approvals, or bypassing maker-checker controls.
  • Track record of identifying and helping remediate critical vulnerabilities in at least one Government/PSU or equivalent high-scale procurement/financial system.
  • Strong skills in authentication, session/token security, API penetration, input manipulation, and fraud simulation, with the ability to highlight the business impact of each exploit (financial loss, unfair deal awards, reputational risk).
  • Deep understanding of e-procurement/marketplace fraud patterns (e.g., forged bids, multi-account collusion, transaction replay, audit trail manipulation).
  • Proficient in advanced security tools such as Burp Suite, OWASP ZAP, Kali Linux, Metasploit, combined with custom scripting for attack simulation.
  • Education/Certifications: Bachelor’s in Engineering/IT or equivalent (B.Tech / BE / MCA).
  • Mandatory Certification: At least one advanced security credential such as OSCP, OSWE, CEH Practical, or CREST.

Ideal Candidate

  • Strong Application Security / Penetration Testing Profiles
  • Mandatory (Experience 1): Must have 3+ years of total experience in Penetration Testing / Vulnerability Assessment with hands-on experience across web applications, mobile apps, and APIs, especially in transaction-intensive platforms.
  • Mandatory (Experience 2): Must have strong hands-on experience in business logic testing and fraud simulation, including scenarios such as bid manipulation, price tampering, replay attacks, fake approvals, and maker-checker bypass.
  • Mandatory (Skills 1): Proficiency in advanced security testing tools such as Burp Suite, OWASP ZAP, Kali Linux, Metasploit, and ability to perform custom attack scripting.
  • Mandatory (Skills 2): Strong expertise in authentication, session/token security, API penetration, input manipulation, and fraud simulation, with the ability to highlight the business impact of each exploit (financial loss, unfair deal awards, reputational risk).
  • Mandatory (Education): Bachelor’s in Engineering/IT (B.Tech/BE) or MCA.
  • Mandatory (Certification): At least one advanced security credential: OSCP, OSWE, CEH Practical, or CREST.
  • Preferred: Proven track record of identifying and helping remediate critical vulnerabilities in at least one Government/PSU or equivalent high-scale procurement/financial system.

Skills: testing, fraud, penetration testing, procurement, security
