6+ Burp suite Jobs in India

Job Title: QA Tester – Security & Vulnerability Testing

Experience: 3+ Years

Location: Gurugram (6 Days WFO)

Job Summary :

We’re seeking a QA Tester with strong experience in Vulnerability and Security Testing.

The ideal candidate will perform manual and automated penetration testing, identify security flaws, and work closely with development teams to ensure secure, compliant applications.

Key Responsibilities :

• Perform vulnerability assessments on web, mobile, and cloud apps.
• Conduct tests for OWASP Top 10 issues (e.g., SQLi, XSS, CSRF, SSRF).
• Use tools like Burp Suite, OWASP ZAP, Metasploit, Kali Linux, Nessus, etc.
• Automate security testing and integrate with CI/CD (Jenkins, GitHub, GitLab).
• Test and secure APIs, including auth mechanisms (OAuth, JWT, SAML).
• Ensure compliance with ISO 27001, GDPR, HIPAA, PCI-DSS.

Requirements :

• 3+ Years in QA with a focus on Security/Vulnerability Testing.
• Experience in manual & automated security testing.
• Knowledge of scripting (Python, Bash, JS).
• Familiarity with cloud platforms (AWS, Azure, GCP).
• Bonus: Certifications like CEH, OSCP, Security+, etc.

• OWASP Secure Code review,• Basic programing knowledge in any programming language and knowledge on secure development practices.
• OWASP TOP 10 vulnerabilities and their mitigations
• Hands on experience in Web Application Security Testing tools (SAST & DAST) and Penetration testing tools such as HP Fortify, Checkmarx, Acunetix, Nessus, Burp Suite, Metasploit., Qualys Guard, Kali Linux , etc.
• Understand/modify exploit code and find logical security flaws in applications
• Should have knowledge and experience on Network Security, Application Security, Internet Security, attack vectors.
• To carry out technical vulnerability assessments, identify potential vulnerabilities and provide recommended controls and support to mitigate them.

This profile will include following responsibilities:

- Perform Web Application Security Testing

- Perform Mobile Application Security Testing

- Scan Network for Security Vulnerabilities

- Co-ordinate with the clients for Project related queries

- Undertake meeting with the client teams for discussing security issues and recommendations

- Create detailed security reports

- Keep track of project progress & send regular updates

- Research on Open source security tools & new security topics

• Web Application Security – OWASP Top 10
• Mobile Application Security – Mobile OWASP Top 10
• Threat Modelling
• Risk Rating Frameworks
• Web Traffic Interception (For Web/Mobile apps)
• SSL
• Network Concepts
• Web Development Basics - HTTP/HTML/JavaScript
• Basic Mobile Application Concepts (either Android or IOS)

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

Roles & Responsibilities:

• Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
• Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
• Managing penetration tests and security reviews for core applications and APIs.
• Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
• Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
• Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
• Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
• Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
• Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
• Investigate privacy breaches.
• Educate employees on data privacy & security.
• Prioritize security requirements based on their severity of impact and product roadmap.
• Maintain a balance of security and business values across the organisation.

 Required Skills:

• Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
• Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.

• Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.

• Experience in Log Management, Security Event Correlation, SIEM.
• Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

Good to Have Skills:

• Online Fraud Prevention.
• Bug Bounty experience.
• Security Operations Center (SOC) management.
• Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
• Experience / Knowledge on tools like Fortify and Nessus.
• Experience in handling logging tools on docker container images (ex. Fluentd).

Roles and Responsibilities

• Extensive experience of 2-5 years in Vulnerability Assessment and Penetration testing, Web Application security.
• An Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, CSRF, authentication/authorization, OWASP top 10 issues.
• Must have working experience in OWASP Top 10 Vulnerabilities Testing in Web applications.
• Create policy and standards for developers and testers to secure programming in the organization. (secure code review, static application security testing.
• Experience on both commercial and open source tools Cenzic Hailstorm, Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP. Assessing cloud security risk (AWS and Azure) and recommending appropriate security controls.
• Ability to interact with project teams to understand the security requirements and come up with solutions
• Extensive knowledge of managing Web Application Firewall (Product) including rules management and product administration
• Strong understanding of networking concept.

Desired Candidate Profile

• Excellent knowledge of Microsoft Windows operating environments and with special attention to security and hardening issues.
• Able to work independently with minimal supervision.
• Good knowledge of secure software development standard, process, techniques, cloud security policies and tools.
• Keep stakeholders updated with communications and weekly reporting.
• Collaborate with Security Platform and Services teams to build and integrate existing security solutions.
• Excellent communication skills - written, verbal, presentation and interpersonal.
• Willing to learn new skills and implement new technologies.
• Should come with bachelor’s degree in engineering, mathematics or master’s in computer application / programing.

Role & Responsibilities:

• Plan and execute Security Assessment Strategy
• Proactively implement security measures
• Implement tools to Monitor and Report Security violations
• Govern security specification guidelines adherence across product and organization

Skills & Qualification:

• IIT, BE or B Tech
• 4+ years of relevant work experience
• Expert in Application Information Security, VAPT
• Proficient using tools like BURP, NMAP, KALI etc.
• Good understanding of web technologies, APIs and mobile app development practices
• CEH certification preferred