Location: Navi Mumbai
Employment Type: Full-Time
Experience: 3–6+ Years

About the Role
We are looking for a highly skilled Application Security / Offensive Security Engineer with a strong Red Team mindset to join our team. The role involves advanced penetration testing across Web, Mobile (Android & iOS), and APIs, focusing on real-world exploitation, vulnerability chaining, and bypassing modern security controls such as WAFs and client-side protections. If you thrive on deep technical challenges, scripting, and continuous research into emerging attack techniques, this role is for you.

Key Responsibilities
· Perform in-depth Web, Mobile, and API penetration testing with emphasis on exploitation and chaining vulnerabilities.
· Conduct Red Team-style application assessments across WAPT, MAPT, and API engagements.
· Develop custom scripts and tools to automate testing and bypass client-side security controls.
· Research and implement WAF evasion and bypass techniques.
· Reverse-engineer client-side and backend application logic.
· Identify business logic flaws and advanced attack paths.
· Deliver high-quality technical reports with reproduction steps, impact analysis, and remediation guidance.
· Stay updated with the latest vulnerabilities, attack techniques, and frameworks.
· Collaborate with development and security teams for secure design reviews and remediation.

Required Skills & Qualifications
· Strong hands-on experience in Web, Mobile (Android/iOS), and API Penetration Testing.
· Solid understanding of OWASP Top 10 (Web, Mobile, API).
· Experience with Java and JavaScript debugging.
· Ability to read, understand, and analyze JavaScript and Python code.
· Proficiency in Python (or equivalent scripting language) for automation and bypass tooling.
· Knowledge of modern web frameworks (React, Angular, Vue, Node.js, Spring Boot).
· Strong grasp of authentication, authorization, session management, and token-based security (OAuth, JWT, SAML).
· Familiarity with WAF technologies and bypass methodologies.
· Hands-on experience with Burp Suite, Frida, Objection, Postman, and mobile reversing tools.

Preferred Certifications
· OSCP
· eWPTX / eMAPT
· CRTP

Behavioural & Professional Attributes
· Strong research-driven and attacker mindset.
· Ability to work independently and lead complex security engagements.
· Excellent documentation and communication skills.
· Detail-oriented with a passion for deep technical problem-solving.
· Capability to mentor junior security testers.

Why Join Us?
· Opportunity to work on cutting-edge offensive security projects.
· Exposure to advanced Red Team engagements.
· Collaborative environment with continuous learning and growth.

Required Skills

Adaptability, Agile Methodologies, Appsec, Application Security, Red team, API