16+ Penetration testing Jobs in India

About HighLevel:  

HighLevel is a cloud-based, all-in-one white-label marketing and sales platform that empowers marketing agencies, entrepreneurs, and businesses to elevate their digital presence and drive growth. With a focus on streamlining marketing efforts and providing comprehensive solutions, HighLevel helps businesses of all sizes achieve their marketing goals. We currently have 1000+ employees across 15 countries, working remotely as well as in our headquarters, which is located in Dallas, Texas. Our goal as an employer is to maintain a strong company culture, foster creativity and collaboration, and encourage a healthy work-life balance for our employees wherever they call home.

Our Website - https://www.gohighlevel.com/

YouTube Channel - https://www.youtube.com/channel/UCXFiV4qDX5ipE-DQcsm1j4g

Blog Post - https://blog.gohighlevel.com/general-atlantic-joins-highlevel/

Our Customers:

HighLevel serves a diverse customer base, including over 60K agencies & entrepreneurs and 450K million businesses globally. Our customers range from small and medium-sized businesses to enterprises, spanning various industries and sectors.

Scale at HighLevel:

We work at scale; our infrastructure handles around 3 Billion+ API hits & 2 Billion+ message events monthly and over 25M views of customer pages daily. We also handle over 80 Terabytes of data across 5 Databases.

About the Team:

Currently we have millions of sales funnels, websites, attributions, forms and survey tools for lead generation. Our B2B customers use these tools to bring in the leads to the HighLevel CRM system. We are working to continuously improve the functionality of these tools to solve our customers’ business needs. In this role, you will be expected to be autonomous, guide other developers who might need technical help, collaborate with other technical teams, product, support and customer success

About the Role:

We are seeking a skilled Penetration Tester / Security Analyst to conduct comprehensive security assessments of our systems, applications, and infrastructure. This role will be responsible for identifying vulnerabilities, conducting penetration tests, and providing remediation guidance works directly with Security Architecture Principal.

What You Will Do:

• Conduct penetration tests on web applications, APIs, mobile applications, and cloud assets
• Perform vulnerability assessments and security scans
• Develop and maintain testing methodologies and procedures
• Create detailed reports on findings and provide remediation recommendations
• Assist in the development of secure coding guidelines
• Participate in the incident response process
• Stay current with the latest penetration testing techniques and tools

What You Bring:

• Bachelor's degree in Computer Science, Information Security, or related field
• 5+ years of experience in penetration testing or ethical hacking
• Strong knowledge of web application security, API security, and mobile application security
• Proficiency in using various penetration testing tools and techniques
• Experience with scripting languages (e.g., Python, Bash)
• Familiarity with common networking protocols and technologies
• Excellent analytical and problem-solving skills
• Strong written and verbal communication skills

Qualifications

• Relevant certifications such as OSCP, CEH, GPEN, or equivalent
• Experience with cloud platforms (AWS, Azure, GCP)
• Knowledge of secure development practices and SDLC
• Familiarity with compliance standards (e.g., PCI DSS, HIPAA)

Summary:

● We are seeking a highly motivated and experienced Cyber security

● Expert to join our team. You will be responsible

for safeguarding our IT infrastructure, data, and applications from cyber threats.

● You will have a deep understanding of server, endpoint, mail, and infrastructure security and possess strong incident response skills.

● Additionally, you will be well-versed in relevant regulations and how to navigate them during data breaches.

Responsibilities:

● Implement and maintain comprehensive security controls for servers, endpoints, mail, and infrastructure.

● Conduct regular vulnerability assessments and penetration testing.

● Monitor security logs and SIEM systems for suspicious activity.

● Investigate and respond to security incidents, including data breaches.

● Develop and implement incident response plans and procedures.

● Stay up-to-date on the latest cyber threats and vulnerabilities.

● Provide security awareness training to employees.

● Advise on and implement security best practices throughout the organization.

● Understand and comply with relevant data privacy and security regulations (e.g., HIPAA, GDPR, PCI DSS).

● Work collaboratively with IT, business units, and legal teams.

PortOne is re−imagining payments in Korea and other international markets. We are a Series B funded startup backed by prominent VC firms Softbank and Hanwa Capital

https://portone.io/global/en

PortOne provides a unified API for merchants to integrate with and manage all of the payment options available in Korea and SEA Markets - Thailand, Singapore, Indonesia etc. It's currently used by 2000+ companies and processing multi-billion dollars in annualized volume. We are building a team to take this product to international markets, and looking for engineers with a passion for fintech and digital payments.

Culture and Values at PortOne

• You will be joining a team that stands for Making a difference.
• You will be joining a culture that identifies more with Sports Teams rather than a 9 to 5 workplace.
• This will be remote role that allows you flexibility to save time on commute
• Your will have peers who are/have
• Highly Self Driven with A sense of purpose
• High Energy Levels - Building stuff is your sport
• Ownership - Solve customer problems end to end - Customer is your Boss
• Hunger to learn - Highly motivated to keep developing new tech skill sets

Who you are ?

* You are an athlete and Devops/DevSecOps is your sport.

* Your passion drives you to learn and build stuff and not because your manager tells you to.

* Your work ethic is that of an athlete preparing for your next marathon. Your sport drives you and you like being in the zone.

* You are NOT a clockwatcher renting out your time, and NOT have an attitude of "I will do only what is asked for"

* Enjoys solving problems and delight users both internally and externally

* Take pride in working on projects to successful completion involving a wide variety of technologies and systems

* Posses strong & effective communication skills and the ability to present complex ideas in a clear & concise way

* Responsible, self-directed, forward thinker, and operates with focus, discipline and minimal supervision

* A team player with a strong work ethic

Experience

* 2+ year of experience working as a Devops/DevSecOps Engineer

* BE in Computer Science or equivalent combination of technical education and work experience

* Must have actively managed infrastructure components & devops for high quality and high scale products

* Proficient knowledge and experience on infra concepts - Networking/Load Balancing/High Availability

* Experience on designing and configuring infra in cloud service providers - AWS / GCP / AZURE

* Knowledge on Secure Infrastructure practices and designs

* Experience with DevOps, DevSecOps, Release Engineering, and Automation

* Experience with Agile development incorporating TDD / CI / CD practices

Hands on Skills

* Proficient in atleast one high level Programming Language: Go / Java / C

* Proficient in scripting - bash scripting etc - to build/glue together devops/datapipeline workflows

* Proficient in Cloud Services - AWS / GCP / AZURE

* Hands on experience on CI/CD & relevant tools - Jenkins / Travis / Gitops / SonarQube / JUnit / Mock frameworks

* Hands on experience on Kubenetes ecosystem & container based deployments - Kubernetes / Docker / Helm Charts / Vault / Packer / lstio / Flyway

* Hands on experience on Infra as code frameworks - Terraform / Crossplane / Ansible

* Version Control & Code Quality: Git / Github / Bitbucket / SonarQube

* Experience on Monitoring Tools: Elasticsearch / Logstash / Kibana / Prometheus / Grafana / Datadog / Nagios

* Experience with RDBMS Databases & Caching services: Postgres / MySql / Redis / CDN

* Experience with Data Pipelines/Worflow tools: Airflow / Kafka / Flink / Pub-Sub

* DevSecOps - Cloud Security Assessment, Best Practices & Automation

* DevSecOps - Vulnerabiltiy Assessments/Penetration Testing for Web, Network and Mobile applications

* Preferrable to have Devops/Infra Experience for products in Payments/Fintech domain - Payment Gateways/Bank integrations etc

What will you do ?

Devops

* Provisioning the infrastructure using Crossplane/Terraform/Cloudformation scripts.

* Creating and Managing the AWS EC2, RDS, EKS, S3, VPC, KMS and IAM services, EKS clusters & RDS Databases.

* Monitor the infra to prevent outages/downtimes and honor our infra SLAs

* Deploy and manage new infra components.

* Update and Migrate the clusters and services.

* Reducing the cloud cost by enabling/scheduling for less utilized instances.

* Collaborate with stakeholders across the organization such as experts in - product, design, engineering

* Uphold best practices in Devops/DevSecOps and Infra management with attention to security best practices

DevSecOps

* Cloud Security Assessment & Automation

* Modify existing infra to adhere to security best practices

* Perform Threat Modelling of Web/Mobile applications

* Integrate security testing tools (SAST, DAST) in to CI/CD pipelines

* Incident management and remediation - Monitoring security incidents, recovery from and remediation of the issues

* Perform frequent Vulnerabiltiy Assessments/Penetration Testing for Web, Network and Mobile applications

* Ensure the environment is compliant to CIS, NIST, PCI etc.

Here are examples of apps/features you will be supporting as a Devops/DevSecOps Engineer

* Intuitive, easy-to-use APIs for payment process.

* Integrations with local payment gateways in international markets.

* Dashboard to manage gateways and transactions.

* Analytics platform to provide insights

Marrow is a learning platform for doctors, medical students, and other healthcare practitioners with topic-wise learning modules, tests and performance analytics, and high-quality recorded medical video classes. Marrow is currently used by over 5 lakh medical students in India to prepare for the country’s largest medical competitive exam - NEET PG.

USP of Marrow

1) Loved by more than 70% of aspiring doctors in India.

2) NEET-PG 2020, 2021, 2022,2023 - Top 10 Rankers were the Marrow users.

DailyRounds is a healthcare startup focused on organizing “Knowledge of practice of Medicine” and building a community of Doctors (and healthcare professionals). We hold the largest IP (intellectual property) in clinical medicine in India. We hope to put this IP, network, and our best efforts to help Doctors improve how they diagnose and treat. We are a diverse team of 300 people based in Bangalore.

We are product-driven. We believe businesses should scale and be profitable. We avoid fads and focus on what makes business sense, what can scale, and what can make a positive impact (in that order).

In April 2019 M3 India, the Indian subsidiary of Japanese Healthtech company M3 (one of the largest healthcare networks globally, listed on the Tokyo Stock Exchange), picked up a majority stake in DailyRounds to foray into case-based problem-solving, community platform, and

medical test preparation business in India.

We seek a highly skilled and experienced Mobile Application Security Engineer to join our dynamic security team. The ideal candidate will possess a deep understanding of mobile security for both Android and iOS platforms, with hands-on experience in identifying and mitigating security vulnerabilities. This role involves ensuring the security of mobile applications through rigorous testing, threat modeling, and implementation of security best practices.

What are we looking for

• 2-5 years of experience in mobile application security for Android and iOS platforms.
• Proven expertise in vulnerability assessment, penetration testing (VAPT), and security analysis of mobile applications.
• Strong understanding of Android and iOS security architectures.
• Proficiency in security tools such as Frida, Burp Suite, OWASP Mobile Security Testing Guide (MSTG), etc.
• Experience with common mobile security vulnerabilities (e.g., OWASP Mobile Top 10) and mitigation strategies.
• Knowledge of CVE databases and experience in reporting and managing vulnerabilities.
• Familiarity with secure coding practices and security standards.

What you will be doing here

Security Assessment and Testing:

• Conduct thorough security assessments of mobile applications, including static and dynamic analysis.
• Perform vulnerability assessments and penetration testing (VAPT) on Android and iOS applications.
• Utilize tools such as Frida, Burp Suite, and other mobile security testing frameworks to identify security weaknesses.

Vulnerability Management:

• Identify, report, and track mobile application security vulnerabilities (Common Vulnerabilities and Exposure)
• Work closely with development teams to ensure vulnerabilities are addressed and resolved.
• Develop and maintain a vulnerability management program for mobile applications.

Security Architecture and Design:

• Collaborate with development and product teams to design secure mobile applications.
• Implement security best practices and guidelines for mobile app development.
• Conduct threat modeling and risk assessments to identify potential security threats.

Security Tools and Automation:

• Develop and maintain custom scripts and tools to automate security testing.
• Stay updated with the latest security tools, technologies, and trends in mobile security.

Documentation and Reporting:

• Create detailed security assessment reports and documentation.
• Provide recommendations for security improvements and risk mitigation.
• Document security policies, procedures, and guidelines for mobile application security.

Please note that only shortlisted candidates will be contacted.

About us:

HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.

We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.

To know more, Visit! - https://www.happyfox.com/

Responsibilities:

• Perform manual and automated application penetration tests and provide suggestions to harden our products
• Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
• Conduct regular audits on all Features/APIs of the product and reports vulnerabilities to the development team
• Keep up with industry trends in the security space
• Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
• Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
• Scale our application security engineering team

Requirements:

• Strong verbal and written communication skills
• Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
• Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
• Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools

1. Perform security assessment of web applications, Android, iOS mobile applications, Source Code Review

2. In-depth knowledge of security vulnerabilities not just limited to OWASP Top 10

3. False Positive removal and manual application testing      

4. Working exp of Python, Java, .Net etc         
5. Experience of using MF Fortify is a must

6. Proactively identify vulnerabilities and recommend fixes

7. Ownership of the tasks, Adapt to technologies/languages/platforms/frameworks of the time                                                                                     

8. Experience in using security tools to carry out manual as well as automated security assessments

9. Experience working with common product flows like payment gateway integration, authentication etc.                                                          

10. Client handling exp

11. Should be able to address client queries, work on proposals etc                                                        

12. Independent, self-motivated and comfortable working in a fast-paced environment with teams ranging from product to engineering teams

This profile will include following responsibilities:

- Perform Web Application Security Testing

- Scan Network for Security Vulnerabilities

- Create detailed security report

- Research on Open source security tools & new security topics

• Manage security tools(Snyk, Fossa, Trivy).
• Manage vulnerability programs. Triage vulnerabilities, assign priorities and owners, follow up on the mitigation 
• Monitor license violations.  
• Perform Security Assessments and Threat Modeling
• Security Incident Response. Be part of a security-on-call team in PagerDuty, act as incident commander, perform Root Cause Analysis.
• Drive security initiatives(Web Application Security, Least-privilege principle, Secrets Management, Key Management, PKI and Certificate Management, Anti-fraud protection).
• Given our fast pace and startup nature, things change over time and your job responsibilities will too.

You'll need:

• Web application security experience.
• Familiarity with a modern SaaS infrastructure and application development.
• Manual and/or automated Penetration Testing (white box, black box & grey box).
• Good understanding of security risk(OWASP Top 10).
• Pen-testing: burp suite/ postman, etc.
• Vulnerability management: Snyk, fossa, NexusIQ, WhiteHat security, aqua security, GitHub security, etc.
• Familiarity with major security protocols.
• Collaboration, transparency, and integrity.
• BS/MS degree; 5+ years of relevant experience.

Nice to have:

• Experience in scripting languages(BASH, Python, JS, etc).
• CEH, CSSLP, GIAC, OSCP, OSCE, or other related industry-recognized certifications.
•  

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

Roles & Responsibilities:

• Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
• Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
• Managing penetration tests and security reviews for core applications and APIs.
• Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
• Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
• Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
• Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
• Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
• Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
• Investigate privacy breaches.
• Educate employees on data privacy & security.
• Prioritize security requirements based on their severity of impact and product roadmap.
• Maintain a balance of security and business values across the organisation.

 Required Skills:

• Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
• Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.

• Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.

• Experience in Log Management, Security Event Correlation, SIEM.
• Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

Good to Have Skills:

• Online Fraud Prevention.
• Bug Bounty experience.
• Security Operations Center (SOC) management.
• Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
• Experience / Knowledge on tools like Fortify and Nessus.
• Experience in handling logging tools on docker container images (ex. Fluentd).

Job Responsibilities:

Experience: 8 Yrs to 12 Yrs

1. Hands-on expertise on performing Application pen testing (Mobile(Android, IOS),networking, web application pen testing),
2. Should worked on IOT,AWS,Application Penetration Testing, Reverse Engineering, source code review, CI/CD Pipeline
3. have done any submission on Bug crowd or Bug Bounty.
4. have developed tools or scripts for web pen test on GitHub.
5. Certified on OSCP
6. Threat Modeling
7. Network scan in stealth mode or simple scan using Nmap and Burp suite

Implement security measures which monitor and protect sensitive data and systems from infiltration and cyber-attacks.

Developing different ways to solve the existing threats and security issues.

Configuring and implementing intrusion detection systems and firewalls.

Security product development, testing, and implementation.

Responsible for security technology research, penetration testing, and vulnerability scanning.

Please follow the below inputs.

The shift will starts from 03:00 PM to 12 AM (fixed for few months),

OSCP certification(Not mandatory, preferable)

Below are the primary key skills:

Total Application Security Experience:

Total Security Architecture Experience:

IOT(optional)

MOBILE

WEB

AWS(Mandatory)

NETWORKING

THREAT MODELS