Qureos

Application Penetration Testing Lead

We’re Hiring | Application Penetration Testing Lead

Location: Pune
Work Mode: Work from Office
Experience: 10+ Years

We are looking for a highly skilled Application Penetration Testing Lead to own and drive advanced application security testing across web, mobile, and API platforms. This is a leadership role focused on deep manual testing, dynamic analysis, and real-world exploitation, working closely with development and architecture teams to strengthen the overall security posture.

Role Overview

As the Application Penetration Testing Lead, you will lead hands-on penetration testing initiatives, mentor junior testers, and partner with engineering teams to ensure vulnerabilities are effectively remediated using a risk-based approach.

Key Responsibilities

  • Lead and perform end-to-end penetration testing for web, mobile, and API applications
  • Execute manual and dynamic testing, including exploitation and fix validation
  • Plan and author high-quality penetration test reports with risk ratings and remediation guidance
  • Perform architecture and design reviews from an attack-surface and runtime perspective
  • Identify business logic flaws, chained vulnerabilities, and advanced attack paths beyond automated scans
  • Utilize tools like Burp Suite Pro, OWASP ZAP, intercepting proxies, fuzzers, scanners, Nmap, etc.
  • Conduct third-party and vendor penetration assessments
  • Work closely with developers, architects, and product teams to drive remediation and define SLAs
  • Mentor junior pentesters on methodology, exploitation techniques, and reporting standards
  • Present findings clearly to both technical teams and senior leadership
  • Stay current with emerging attack techniques, tools, and application-level threats

Technical Expertise

  • Strong hands-on experience in manual penetration testing (web, mobile, APIs)
  • Expertise in DAST and runtime attack vectors
  • Deep understanding of OWASP Top 10, WASC, CWE, and modern exploitation techniques
  • Experience testing applications built on Java/J2EE, .NET, Python, PHP, JavaScript, and modern frameworks
  • Solid knowledge of HTTP/HTTPS, SSL/TLS, OAuth, SAML, authentication & session management
  • Mobile app testing experience (iOS & Android) and API security (REST, GraphQL)
  • Familiarity with cloud-hosted environments such as AWS / Microsoft Azure / Google Cloud Platform from an attack-surface perspective
  • Strong scripting skills (Python, Bash, or similar) for automation and exploit development

Preferred Qualifications

  • Certifications: OSCP, OSWE, GPEN, GWAPT, ECSA, LPT, or equivalent
  • Experience with red-team or advanced chained-exploit assessments
  • Exposure to CI/CD-integrated pentesting workflows
  • Prior experience in BFSI, healthcare, or regulated environments is a plus

Interested candidates, please share your updated resume to:
prathibha.velangini@avenirdigital.ai

Job Type: Full-time

Pay: ₹2,500,000.00 - ₹3,000,000.00 per year

Work Location: In person
