Penetration Tester/Application Security Expert

Art Technology and Software India
4 days ago
Full-time
On-site
Kerala, India
Cybersecurity

In-Office - Infopark Kochi

Position Overview
We seek an experienced Application Security Expert to join our Red Team. The role involves identifying and exploiting vulnerabilities across applications and IT environments, simulating real-world cyberattacks, performing advanced penetration testing, and providing security insights throughout the SDLC.

Key Responsibilities

  • Conduct full-scope red team engagements across web, mobile, cloud, network, and physical domains.
  • Perform adversary emulation using MITRE ATT&CK and threat intelligence.
  • Use and develop custom exploits and offensive tools (Cobalt Strike, Metasploit, Burp Suite, Kali).
  • Execute covert social engineering and physical security tests.
  • Exploit vulnerabilities and test detection/response capabilities.
  • Test web/mobile apps, APIs, cloud (AWS/Azure/GCP), networks, containers, Kubernetes, and CI/CD.
  • Identify complex vulnerabilities (logic flaws, auth issues, deserialization, privilege escalation).
  • Provide detailed remediation-focused reports.
  • Perform security assessments on AI/ML systems, including Large Language Models (LLMs), prompt injection testing, model abuse, data leakage risks, and adversarial attacks.
  • Work with dev, DevOps, and security teams to embed security testing early.
  • Influence secure design and promote security awareness.
  • Retest fixes and automate testing workflows.
  • Prepare technical reports and executive summaries; present findings to teams and leadership.

Required Skills & Qualifications

  • 6+ years in application security, penetration testing, or red teaming.
  • Expertise with offensive tools (Metasploit, Burp Suite, Cobalt Strike, Kali).
  • Strong exploitation skills across web, network (Kerberos, SMB, LDAP), and cloud (IAM, misconfig).
  • Proficient in Python, Java, C/C++, PowerShell, or Bash.
  • Strong understanding of web architecture, AI, LLM, API security, networking, cloud security, containers, and CI/CD.

Certifications:

  • OSCP – Required
  • OSCE / OSWE – Highly preferred
  • CEH, GWAPT, OSEP, CRTO – Preferred