What We Offer:

• Canteen Subsidy
• Night Shift allowance as per process
• Health Insurance
• Tuition Reimbursement
• Work-Life Balance Initiatives
• Rewards & Recognition

What you will be doing:

• Plan and perform advanced security tests and assessments against web apps, APIs, mobile apps and related infrastructure hosted on AWS.
• Conduct threat modelling and attack surface analysis (web, API, authentication, serverless, IAM, network).
• Execute reconnaissance, advanced vulnerability discovery and verification using manual techniques and automated tooling.
• Test and assess AWS controls: IAM roles/policies, VPC configuration, security groups, S3, Lambda, API Gateway, EKS/ECS, CloudFront, KMS, etc.
• Produce clear, prioritized reports: technical findings, risk ratings, PoC steps, and remediation guidance.
• Work with engineering to reproduce, prioritize, and verify fixes; validate mitigations.
• Build and maintain automated security tests and CI/CD gates (SAST/DAST/IAST/Dependency scanning).
• Maintain and evolve security-assurance playbooks, checklists, and internal knowledge (runbooks for common classes).
• Keep abreast of emerging attack techniques, CVEs, and AWS service changes.
• Occasionally support incident response and post-mortem activities.
• Ability to understand process and prepare SOPs as and when required.

What we expect to have:

• 4+ years of experience in application and API security assurance or advanced QA for web and cloud environments.
• Strong knowledge of common web and API security risks and controls (authentication, authorization, data exposure, injection, etc.).
• Practical experience testing REST / GraphQL APIs (fuzzing, intercepting, schema abuse, auth bypass).
• Familiar with AWS services and common secure/insecure configurations (IAM, S3, Lambda, API Gateway, VPC, security groups, CloudTrail).
• Expertise with advanced security testing tools such as Burp Suite (Pro preferred), OWASP ZAP, Nmap, Nikto, sqlmap, Metasploit, Hydra, etc.
• Experience with vulnerability scanners (Nessus, OpenVAS) and dependency scanners (Snyk, Dependabot, OWASP Dependency-Check).
• Comfortable writing PoCs (curl, Python, Node scripts) and proofing exploits safely in test environments.
• Experience building automated security checks into CI/CD (GitHub Actions, GitLab CI, Jenkins, or similar).
• Good scripting skills (Python, Bash, or similar).
• Strong written and verbal communication — can turn technical findings into actionable remediation.
• Experience of Vanta platform for Security audits.

EDUCATION and/or EXPERIENCE:

• Bachelor’s degree or equivalent, or 4+ years of experience in security assurance, application security testing, or related fields.
• Experience with web apps, APIs, mobile apps and AWS is required.

LANGUAGE SKILLS:

• Ability to read, analyze, and interpret business and technical documents.
• Strong written and verbal communication skills.
• Ability to present to senior leadership and external partners.

WORK ENVIRONMENT:

• Primarily remote. May involve coordination across multiple time zones and work from the office as per need.