Penetration Tester
CGI · Bengaluru, Karnataka, India - Chennai, Tamil Nadu, India - Hyderabad, Telangana, India
CGI · Bengaluru, Karnataka, India - Chennai, Tamil Nadu, India - Hyderabad, Telangana, India
**Your future duties and responsibilities:** - Perform penetration testing on web applications, APIs, mobile applications, thick clients, and enterprise platforms including SAP. - Conduct manual and automated vulnerability assessments and security testing. - Identify and exploit vulnerabilities such as SQL Injection, XSS, CSRF, IDOR, and RCE. - Manage vulnerability lifecycle including identification, validation, prioritization, and tracking. - Perform secure code reviews and validate SAST findings. - Use security tools such as Burp Suite, Nmap, Metasploit, Nessus, SQLMap, OWASP ZAP, and Checkmarx. - Apply knowledge of OWASP Top 10, CVE, CWE, and CVSS frameworks. - Prepare detailed vulnerability reports with risk ratings and remediation recommendations. - Communicate security findings to both technical and non-technical stakeholders. - Collaborate with developers and application teams to remediate vulnerabilities. - Support security testing integration within SDLC and CI/CD pipelines. **Must-Have Skills:** - 8-12 years of experience in penetration testing and application security. - Strong hands-on experience in manual and automated security testing. - Expertise in web, API, mobile, and enterprise application security testing. - Deep understanding of OWASP Top 10 vulnerabilities and exploitation techniques. - Strong knowledge of CVE, CWE, and CVSS scoring systems. - Hands-on experience with tools like Burp Suite, Nmap, Metasploit, Nessus, SQLMap, OWASP ZAP, and Checkmarx. - Experience in secure code review and SAST validation. - Strong understanding of authentication, authorization, and session management mechanisms. - Excellent analytical, problem-solving, and debugging skills. - Strong communication and reporting skills