Penetration Tester Consultant Senior

Experience: 1.00 + years

Salary: INR 1100000-2000000 / year (based on experience)

Expected Notice Period: 30 Days

Shift: (GMT+05:30) Asia/Kolkata (IST)

Opportunity Type: Office ()

Placement Type: Full Time Permanent position(Payroll and Compliance to be managed by: NST Cyber)

(*Note: This is a requirement for one of Uplers client - NST Cyber)

What do you need for this opportunity?

Must have skills required:

Python, Penetration Testing, Identity and Access Management (IAM), Multi-factor Authentication (MFA), Privilege access management (pam), Offensive Security certifications

NST Cyber is Looking for:

Penetration Testers here will perform hands-on offensive security testing across banking and regulated enterprise environments, with a focus on manual exploitation, control bypass, transaction abuse scenarios, and attack-path validation. This role is part of the Service Delivery function and requires strong technical depth and practical testing capability rather than scan-driven assessments.

Primary Responsibilities:

Candidates must demonstrate strong, hands-on experience in at least 3–4 of the areas below, preferably within banking, fintech, or regulated environments:

• Web Application Pentesting: Manual testing of banking apps, exploiting auth issues, IDORs, privilege escalation, business logic abuse, injections, SSRF, and file handling flaws. Validate real impact beyond scanner results.
• API & Service Security: Security testing of REST/SOAP/GraphQL APIs for web, mobile, and partner integrations. Focus on authorization flaws, data exposure, mass assignment, and service-to-service trust issues.
• Mobile Application Security (Android / iOS): Runtime and traffic analysis of mobile banking apps. Bypass SSL pinning, root/jailbreak detection, client-side controls, and identify insecure storage and API abuse.
• Network & Infrastructure Pentesting: Internal and external network testing in segmented environments. Validate misconfigurations, credential abuse, lateral movement, and segmentation controls.
• Active Directory & Adversary Simulation: Execute AD attacks including privilege escalation, credential abuse, lateral movement, and trust exploitation aligned to financial threat models.
• Cloud Security (AWS / Azure / GCP): Assess cloud-hosted banking workloads for IAM misconfigurations, over-permissive roles, exposed services, and insecure integrations, supported by exploitation evidence.
  
  
  

Additional Responsibilities :

• Execute penetration tests using manual techniques, supported by targeted automation and custom scripts
• Validate findings and eliminate false positives
• Build multi-step exploit chains demonstrating realistic banking compromise scenarios
• Document clear proof-of-concept exploits with impact and reproducibility
• Produce technical and executive reports suitable for regulated clients, risk teams, and audits
• Contribute to testing methodologies, playbooks, and pre-engagement questionnaires
  
  
  

Technical Requirements :

• 1–6 years of hands-on penetration testing or offensive security experience
• Proven experience delivering assessments in banking, fintech, or regulated enterprise environments
• Strong understanding of: OWASP Top 10, CWE/SANS Top 25, Real-world exploitation and abuse scenarios relevant to financial systems
• Ability to independently execute assigned assessments end-to-end
  
  
  

Tools & Technologies :

• Kali Linux, Burp Suite, Other offensive security tools, Custom scripts and payloads Programming / Scripting (required)
• Python (preferred)
  
  
  

Certifications:

• (OSCP / OSCP+
• CRTP
• eWPT / eWPTXv2
• OSWE / OSEP / OSCE
  
  
  

Interview Process:

• 15-min technical discussion with Arun
• 1 client interview round
  
  
  

How to apply for this opportunity?

• Step 1: Click On Apply! And Register or Login on our portal.
• Step 2: Complete the Screening Form & Upload updated Resume
• Step 3: Increase your chances to get shortlisted & meet the client for the Interview!
  
  
  

About Uplers:

Our goal is to make hiring reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant contractual onsite opportunities and progress in their career. We will support any grievances or challenges you may face during the engagement.

(Note: There are many more opportunities apart from this on the portal. Depending on the assessments you clear, you can apply for them as well).

So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, dont hesitate to apply today. We are waiting for you!

---