4+ Penetration testing Jobs in Hyderabad | Penetration testing Job openings in Hyderabad
Apply to 4+ Penetration testing Jobs in Hyderabad on CutShort.io. Explore the latest Penetration testing Job opportunities across top companies like Google, Amazon & Adobe.
Key Responsibilities
- Establish, lead, and develop a penetration testing team, including recruitment, onboarding, mentoring, performance management, and career development.
- Define the team structure, capability model, skills matrix, training plan, and operating procedures.
- Develop and mature penetration testing services across areas such as web applications, APIs, infrastructure, cloud, Active Directory, wireless, mobile, social engineering, red teaming, and attack simulation.
- Define, own, and maintain methodologies, standards, scopes of work, report templates, and QA processes.
- Own engagement models and commercial assets including pricing models and delivery processes..
- Own the end-to-end delivery of penetration testing engagements, ensuring work is delivered safely, legally, on time, and to a high technical standard.
- Act as the technical authority for penetration testing, providing escalation support and quality review for complex findings and reports.
- Build trusted relationships with clients, internal stakeholders, technology teams, risk teams, and senior leadership.
- Identify market demand, emerging threats, and customer needs to shape the future service roadmap.
- Support pre-sales, bid responses, proposals, scoping calls, statements of work, and commercial discussions.
- Ensure all testing activity is conducted within agreed rules of engagement, legal boundaries, regulatory requirements, and internal governance.
- Implement quality control processes, peer review, report assurance, technical standards, and continuous improvement mechanisms.
- Track team performance, utilisation, revenue, margin, delivery quality, customer satisfaction, and remediation outcomes where relevant.
- Maintain awareness of emerging vulnerabilities, exploit techniques, threat actor tactics, industry trends, and regulatory changes.
- Represent the penetration testing function in senior management forums, client meetings, audits, and risk committees.
- Develop strategic partnerships, tooling strategies, lab environments, knowledge bases, and reusable assets to improve delivery efficiency and quality.
Required Skills and Experience
- Significant industry experience in penetration testing, offensive security, red teaming, vulnerability assessment, or security consultancy.
- Proven experience in leading, managing, and mentoring penetration testers and offensive security professionals.
- Demonstrable ability to create, grow, or mature a security testing function, consultancy practice, or technical service line.
- Strong technical background across web application, API, infrastructure, cloud, Active Directory, and network penetration testing.
- Experience in developing service offerings, methodologies, testing standards, engagement models, and reporting frameworks.
- Strong understanding of common security frameworks, standards, and scoring methodologies, including OWASP, MITRE ATT&CK, NIST, ISO 27001, PCI DSS, Cyber Essentials, and CVSS.
- Experience in managing multiple concurrent engagements, priorities, stakeholders, and delivery risks.
- Ability to review and challenge technical findings, exploit evidence, risk ratings, and remediation recommendations.
- Strong commercial awareness, including experience with scoping, pricing, proposals, bids, utilisation, profitability, and customer relationship management.
- Excellent written and verbal communication skills, with the ability to engage technical teams, executives, clients, auditors, and regulators.
- Strong understanding of legal, ethical, and operational risk considerations associated with penetration testing.
- Experience building processes for quality assurance, peer review, safe testing, evidence handling, and reporting consistency.
Certifications
Candidates should hold relevant industry certifications such as:
- OSCP, OSEP, OSWE, OSED, or other Offensive Security certifications
- CREST Certified Tester, CREST Certified Infrastructure Tester, CREST Certified Web Application Tester, or equivalent
- GIAC certifications such as GPEN, GWAPT, GXPN, GMOB, GCPN, or GSE
- CISSP, CISM, CRISC, or similar senior security management certifications
- CompTIA PenTest+ or Security+
Holding multiple technical and leadership-focused certifications would be advantageous.
Desirable Skills
- Experience building a penetration testing team, consultancy practice, or managed security testing service from inception through to delivery and execution.
- Experience creating go-to-market propositions, service catalogues, sales collateral, and delivery playbooks.
- Previous responsibility for revenue, budget, headcount, utilisation, margin, or service profitability.
- Experience with red teaming, threat-led penetration testing, adversary simulation, purple teaming, or assumed-breach exercises.
- Experience delivering services aligned to CREST, PCI DSS, CBEST, TIBER, STAR-FS, or similar assurance schemes.
- Knowledge of cloud security testing across AWS, Azure, or Google Cloud Platform.
- Experience with DevSecOps, CI/CD security testing, container security, Kubernetes assessments, and secure software development practices.
- Experience selecting, implementing, and managing penetration testing tools, labs, reporting platforms, and collaboration systems.
- Experience managing external suppliers, contractors, or partner organisations.
- Ability to mentor senior consultants and develop future technical leaders.
Amazon Web Services (AWS)About The Company -
OYO Hotels & Homes is the world’s third largest and fastest-growing chain of leased and franchised hotels, homes & spaces managing over 1 million exclusive rooms across 800 cities and 80 countries. OYO was founded on the mission that everyone deserves a quality living and working space and we are very passionate about this mission. Technology and Innovation plays a critical role in this mission and therefore today we employ World Class engineers, product managers and designers across core markets & geographies. If you are looking for a high pace environment, itching to create a large impact through technology impacting 100s of millions of customers across the globe, we love to hear from you.
Key Responsibilities:
- Conducting application(Web & Mobile) and infrastructure penetration testing assessments.
- Deploy, improve and utilize SAST/DAST/SCA and other cybersecurity solutions to detect & prevent security vulnerabilities.
- Work closely with the business, product and Development/engineering teams to provide input and guidance on developing secure products and help teams adopt shift-security-to-left practices.
- Work closely with the DevOps team to secure the cloud environment.
- Developing and maintaining cybersecurity process activities including security requirements engineering, threat modelling, code reviews and cyber risk assessment.
- Improve and automate cybersecurity processes within the CI/CD pipelines.
- Continuously review and identify security improvement opportunities in existing products, processes, services and workflows to ensure the people, products and technology in the organization are protected against current and future cybersecurity threats.
- Deliver awareness sessions on Secure Development to engineering/development teams
- Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics related to Application Security.
- Preparing and launching social engineering campaigns;
Key Skills:
- Expertise in application(Web & Mobile) and infrastructure penetration testing.
- Strong experience with Azure or AWS cloud environments and its security controls.
- Experience with microservices architectures & distributed Platforms
- Strong experience with using Agile software development and securing CI/CD pipeline.
- Coding Experience in Scripting & programming languages (such as Terraform, Java, Python, Ruby, etc.)
- Knowledge of how modern web & mobile apps are designed, developed and deployed across different platforms;
- Knowledge of common exploitation techniques and mitigations.
- Experience in implementing and managing a vulnerability management program (process and technology).
- Experience and knowledge of implementing a DevSecOps ecosystem and strong understanding of Dynamic and Static Application Security Testing (DAST & SAST).
- Understanding of the main cybersecurity tools (SIEM, IPS, XDR, etc.).
- Strong understanding of OWASP, PTES and other penetration testing methodologies.
- Understanding of global security frameworks and standards like NIST, ISO 27001, GDPR, PCI etc.
- Strong knowledge in preparing and launching social engineering campaigns.
- Ability to program or script in your preferred language
- Good understanding of network and OS principles
- Strong written and spoken English skills and ability to write high-quality reports
- An Information Security qualification e.g CSSLP, CEH, OSCP, or similar certification
Cultural Traits common to all OYO Leaders -
● Dealing with Ambiguity and Adaptability – we are a large, but fast-growing company today with not enough existing process or rules of engagements; and environment changes rapidly due to new businesses, geographies and strategic partnerships etc. You need to be able to create organization out of chaos, operate in an environment with minimal structure and adapt to change quickly while maintaining high velocity
● Ownership – anything between you and your job is also your job
● Bias for Action – speed matters a lot, so does quality. Ideal leader will be pragmatic, action-oriented and know the right balance between competing priorities
● Hunger to change the world – you need to be ambitious and willing to do more. If you believe you have already achieved your best and primarily looking to impart that vast knowledge, we aren’t the right place for you
Job Locations: We have a Pan India presence with Tech centers based out of Gurugram, Bangalore & Hyderabad. However currently we are working from our home.
This IT company is currently hiring for penetration testing.
PHP
PythonJOB DESCRIPTION
(NOTE- we are looking for those candidates who join immediately or notice period of within 15-20days)
• Job Scope
o Conduct penetration testing on internal website/system owned by EC-Council
o Produce a report and presentation to the system owner explaining the security
structure and the vulnerabilities of the system
o Conduct scoping for any new projects
o Research and recommend fixes for issues/vulnerabilities identified during the
penetration testing
o Create and update security test plan regularly according to the nature of the website
assigned
o Conduct research on new vulnerabilities and threats regularly to improve oneself
capabilities
• Minimum Requirements
o At least 3 year experience in conducting any three of the following
▪ Network Penetration Testing
▪ Mobile Application Penetration Testing
▪ Web Application Penetration Testing
▪ Source Code Review
▪ Writing, extending and modifying exploits, shellcode
▪ Reverse engineering malware, data obfuscation and ciphers
o Bachelor’s degree in IT security related field or equivalent
o Any (2) of the following certification ; OSCP, OSCE, OSEP, OSWE, CRT, LPT or
equivalent
o Proficiency in at least 1 programming language such as PHP, ruby, Python, Perl
o Strong understanding of encryption (SSL/TLS, PKI) and other authentication methods
o Good experience with tools used for penetration testing such as Metasploit,
BurpSuite, w3af, Kali Linux, SQLMap, Skipfish
o Excellent written and verbal communication skills, especially when dealing with
large reports and datasets with a high standard of documentation
o Mastery in linux/unix operating system and bash/Powershell
Amazon Web Services (AWS)Job Responsibilities:
Experience: 8 Yrs to 12 Yrs
- Hands-on expertise on performing Application pen testing (Mobile(Android, IOS),networking, web application pen testing),
- Should worked on IOT,AWS,Application Penetration Testing, Reverse Engineering, source code review, CI/CD Pipeline
- have done any submission on Bug crowd or Bug Bounty.
- have developed tools or scripts for web pen test on GitHub.
- Certified on OSCP
- Threat Modeling
- Network scan in stealth mode or simple scan using Nmap and Burp suite
Implement security measures which monitor and protect sensitive data and systems from infiltration and cyber-attacks.
Developing different ways to solve the existing threats and security issues.
Configuring and implementing intrusion detection systems and firewalls.
Security product development, testing, and implementation.
Responsible for security technology research, penetration testing, and vulnerability scanning.
Please follow the below inputs.
The shift will starts from 03:00 PM to 12 AM (fixed for few months),
OSCP certification(Not mandatory, preferable)
Below are the primary key skills:
Total Application Security Experience:
Total Security Architecture Experience:
IOT(optional)
MOBILE
WEB
AWS(Mandatory)
NETWORKING
THREAT MODELS
Follow Cutshort