Group Specialist - Penetration Testing

Company: dpworld

Location: Bangalore, Karnataka, India

Source: oracle

Language: english

<figure class="table"><table style="border-collapse:collapse;border:none;" border="1" cellspacing="0" cellpadding="0" width="655"><tbody><tr><td style="background-color:#B3B3B3;border:solid windowtext 1.0pt;padding:0cm 5.4pt 0cm 5.4pt;width:491.4pt;" width="655" valign="top"><h3 style="margin:6.0pt 0cm;">KEY ACCOUNTABILITIES</h3></td></tr><tr style="height:40.0pt;"><td style="border-top:none;border:solid windowtext 1.0pt;height:40.0pt;padding:0cm 5.4pt 0cm 5.4pt;width:491.4pt;" width="655" valign="top"> <ul style="list-style-type:disc;padding-left:29.73px;"><li>The ideal candidate should bring a balanced background across application security testing and infrastructure penetration testing, combined with the ability to write scripts, build tooling, automate test cases, analyze code/configurations, and integrate AI-enabled security tools into the testing lifecycle. The role requires close collaboration with engineering, infrastructure, cloud, SOC, architecture, and product teams to validate security posture, identify exploitable weaknesses, and drive remediation.</li><li>Modern testing workflows increasingly include AI-assisted capabilities. For example, PortSwigger documents Burp AI as a way to improve testing efficiency, understand complex technologies, and streamline authentication setup, while still keeping the tester in control. Microsoft also publishes current guidance for both penetration testing in Azure and LLM red teaming, which reflects the growing expectation that offensive security teams can test both traditional systems and AI-enabled systems.</li><li>Assist BUs in conducting access control reviews of their applications & systems</li></ul><h2>Application Penetration Testing</h2><ul style="list-style-type:disc;padding-left:29.73px;"><li>Perform hands-on penetration testing of web applications, APIs, mobile backends, middleware, and custom business applications. </li><li>Assess applications for vulnerabilities such as: <ul style="list-style-type:circle;"><li style="margin-bottom:6.0pt;">Broken access control / BOLA </li><li style="margin-bottom:6.0pt;">Authentication and session management flaws </li><li style="margin-bottom:6.0pt;">Injection vulnerabilities </li><li style="margin-bottom:6.0pt;">Server-side request forgery (SSRF) </li><li style="margin-bottom:6.0pt;">Business logic abuse </li><li style="margin-bottom:6.0pt;">Client-side security weaknesses </li><li style="margin-bottom:6.0pt;">Insecure deserialization </li><li style="margin-bottom:6.0pt;">Misconfigurations and secrets exposure  </li></ul></li><li>Conduct authenticated and unauthenticated assessments across internet-facing and internal applications. </li><li>Test REST, SOAP, GraphQL, and modern API architectures. </li><li>Review application architecture, trust boundaries, and data flows to identify realistic attack paths. </li><li>Validate remediation fixes and perform re-testing.</li><li style="tab-stops:list 36.0pt;">Perform infrastructure penetration testing across: <ul style="list-style-type:circle;"><li style="tab-stops:list 72.0pt;">Internal and external networks </li><li style="tab-stops:list 72.0pt;">Active Directory / Windows environments </li><li style="tab-stops:list 72.0pt;">Linux and Unix servers </li><li style="tab-stops:list 72.0pt;">Network devices and segmentation controls </li><li style="tab-stops:list 72.0pt;">VPN, remote access, and identity-connected infrastructure </li><li style="tab-stops:list 72.0pt;">Cloud environments and hybrid infrastructure </li></ul></li><li style="tab-stops:list 36.0pt;">Assess privilege escalation paths, lateral movement opportunities, credential exposure, trust abuses, and weak administrative controls. </li><li style="tab-stops:list 36.0pt;">Conduct attack path testing across enterprise environments to identify high-risk chaining opportunities. </li><li style="tab-stops:list 36.0pt;">Evaluate resilience of endpoint, network, identity, and server controls against real-world attack techniques.</li></ul>Evaluate and integrate modern AI-enabled testing capabilities into the pentesting workflow, such as:<ul style="list-style-type:disc;"><li style="tab-stops:list 36.0pt;">AI-assisted web testing and workflow understanding </li><li style="tab-stops:list 36.0pt;">AI-enhanced reporting/documentation </li><li style="tab-stops:list 36.0pt;">AI-supported attack-path reasoning </li><li style="tab-stops:list 36.0pt;">AI-assisted code and configuration review </li><li style="tab-stops:list 36.0pt;">AI red teaming for LLM- or agent-based applications where relevnt</li><li>Always act as an ambassador for DP World when working; promoting and demonstrating positive behaviours in harmony with DP World’s Principles, values and culture; ensuring the highest level of safety is applied in all activities; understanding and following DP World’s Code of Conduct and Ethics policies</li><li>Perform other related duties as assigned </li></ul></td></tr></tbody></table></figure><figure class="table"><table style="border-collapse:collapse;border:none;" border="1" cellspacing="0" cellpadding="0" width="655"><tbody><tr style="height:11.7pt;"><td style="background-color:#B3B3B3;border:solid windowtext 1.0pt;height:11.7pt;padding:0cm 5.4pt 0cm 5.4pt;width:491.4pt;" width="655" valign="top">QUALIFICATIONS, EXPERIENCE AND SKILLS</td></tr><tr style="height:15.75pt;"><td style="border-top:none;border:solid windowtext 1.0pt;height:15.75pt;padding:0cm 5.4pt 0cm 5.4pt;width:491.4pt;" width="655" valign="top">Knowledge and Experience<ul style="list-style-type:disc;padding-left:29.73px;"><li>Bachelor’s Degree in Computer Science or equivalent</li><li>Should have 10-12 years of experience in application and infra pen testing.</li><li>Good understanding in E-commerce, logistics, supply chain & port operations applications will be an added advantage</li><li>Experience in establishing cyber & third-party risk management processes</li><li>Working knowledge of ISO 27001, COBIT 2019 etc.</li><li>Experience in working with Multinational Companies (MNC) is preferable</li></ul> Soft Skills<ul style="list-style-type:disc;padding-left:24px;"><li>Excellent communication & analytical skills</li><li>Program and Project management skills</li><li>Time management skills</li><li>Team player and conflict management skills</li><li>Coaching / guiding skills</li><li>Ability to adapt in a complex environment, loves challenges, with the will and drive to learn new things on his/her own</li><li>Cultural awareness</li></ul> Technical Skills<ul style="list-style-type:disc;padding-left:24px;"><li>Strong hands-on experience in application penetration testing and infrastructure penetration testing. </li><li>Strong knowledge of: <ul style="list-style-type:circle;padding-left:48px;"><li>Web security testing </li><li>API security testing </li><li>Network and server exploitation fundamentals </li><li>Active Directory attack techniques </li><li>Windows and Linux internals </li><li>Authentication, identity, and privilege escalation paths </li><li>Cloud security fundamentals </li></ul></li><li>Strong hands-on experience with tools such as: <ul style="list-style-type:circle;padding-left:48px;"><li>Burp Suite </li><li>Nmap </li><li>Metasploit  </li><li>BloodHound  </li><li>Responder / Impacket </li><li>Nessus / Qualys </li><li>Wireshark  </li><li>Custom scripts and offensive security frameworks </li></ul></li><li>Strong programming / scripting skills in Python, PowerShell, Bash, JavaScript, or Go. </li><li>Ability to develop or modify tools, proof-of-concepts, payloads, and automation scripts. </li></ul>Understanding of secure coding concepts and ability to review code snippets for security issues. </td></tr></tbody></table></figure> #LI-AA6

🔥 Apply Now