Senior/Lead Penetration tester

Location : Asite office in Ahmedabad, India (on-site) or Type: Full-time Experience: 5+ years Compensation: A strong salary depending on experience . About Asite Asite’s vision is to connect people and help the world build better. Asite’s platform enables organizations working on large capital projects to come together, plan, design, and build with seamless information sharing across the entire supply chain. Asite SCM is our supply chain management solution, which helps owners and Tier-1 contractors to integrate and manage their extended supply chain for delivering on capital projects. Asite PPM is our project portfolio management solution, which gives you and your extended supply chain shared visibility of your capital projects through one common data environment. Together they enable organizations to build digital engineering teams that can deliver digital twins and just plain build better. The company is headquartered in UK (London) and has regional offices in US (New York and Houston), UAE (Dubai), Australia (Sydney), China (Hong Kong) and India (Ahmedabad). Job Summary We are seeking an experienced Penetration Tester to join our team of security professionals. As a senior penetration tester, you will be responsible for conducting comprehensive penetration testing on web applications, mobile and desktop apps, APIs, infrastructure, and other systems. You will utilize your expertise in threat modeling, automation of the testing, and advanced techniques to identify vulnerabilities and provide actionable recommendations to improve the overall security posture of Asite SDLC and systems. You will manage a small team that you also must mentor and guide in the best practices and help grow. You must have a passion for knowledge sharing and continuous learning. Key Responsibilities: Conduct thorough threat modelling, risk assessments and vulnerability scanning of web applications, mobile and desktop apps, APIs, infrastructure, and other systems Identify and exploit vulnerabilities using various penetration testing tools, techniques, and methodologies – PTES, NIST 800-115, OWASP Develop and maintain a comprehensive understanding of systems, including architecture, design patterns, and application logic Design and implement effective threat models to identify potential entry points for attackers using STRIDE and OWASP ASVS Automate testing using tools and integrating them such as vulnerability scanners, SAST, DAST, SCA and other relevant technologies including Collaborate with external penetration testing companies and clients to digest and review the risk of reports back to clients within their security requirements, provide recommendations to implement fixes to address identified vulnerabilities to internal stakeholders Stay up to date with the latest threats, vulnerabilities, red teaming, and penetration testing techniques through ongoing training and professional development Manage and mentor a team of junior and interns. Requirements: 5+ years of experience in penetration testing, with a strong focus on web applications, mobile and desktop apps, APIs, and infrastructure testing Proficient level of English both spoken or written to a bilingual level. Experience with cloud-based infrastructure and services - AWS, Azure, Google Cloud – containers, k8s and virtual machines. Proven expertise in threat modeling, automation of testing, and advanced techniques (e.g., exploit development, reverse engineering) OSCP or similar certification, GIAC Penetration Tester a plus Strong knowledge of web application security frameworks, such as OWASP Familiarity with mobile app security testing tools and techniques Experience with desktop application security testing, including reverse engineering and exploit development In-depth understanding of API security testing, including protocol analysis and exploitation Proficiency in scripting languages, such as Python, Ruby, or PowerShell Experience with agile development methodologies and collaboration tools like JIRA and their integrations Excellent communication, problem-solving, and analytical skills Nice to Have: Familiarity with DevOps practices and security orchestration, automation, and monitoring (SOAM) tools Knowledge of containerization technologies (e.g., Docker) and container-based vulnerability testing Experience with OWASP ASVS and similar frameworks What We Offer: Competitive salary and benefits package Opportunities for professional growth and development in a fast-paced and innovative environment Collaborative team culture that values open communication, mutual respect, and teamwork Access to cutting-edge security technologies and tools Flexible work arrangements, including remote work options If you are a motivated and experienced information security professional looking for a new challenge, please submit your resume. Join and help build a better, more efficient, and more secure world. #J-18808-Ljbffr