Bestkaam Logo
Back to Jobs
BNP Paribas

Penetration Tester

Actively Reviewing

BNP Paribas

Mumbai Full-Time 4–8 yrs exp Posted 1 month ago  · Apply by Jul 18, 2026

Security Test Engineer – Mobile & Web Pen‑Testing

ITG – CDF, Mumbai | BNP Paribas India Solutions


About BNP Paribas

BNP Paribas is Europe’s leading bank and a global financial‑services powerhouse, present in 65 countries with ~185 k employees. Our India Solutions division (Bengaluru, Chennai & Mumbai) delivers 24×7 technology services to the Group’s Corporate & Institutional Banking, Investment Solutions and Retail Banking businesses.

We champion diversity, inclusion and continuous learning – and we’re looking for a hands‑on security specialist to join our testing team.


About the Role

As a Security Test Engineer you will lead mobile, web and API security assessments for the Group’s applications. You’ll combine manual pen‑testing, static/dynamic analysis, reverse‑engineering and threat research to discover, validate and communicate vulnerabilities that could impact our clients and brand.


Responsibilities:

  • Perform end‑to‑end penetration tests (gray‑box & black‑box) on web, mobile (Android & iOS), API and thick‑client applications.
  • Conduct static (SAST) and dynamic (DAST) analysis of APKs/IPA files to uncover insecure storage, hard‑coded secrets, mis‑configurations, runtime hooking, parameter tampering, etc.
  • Reverse‑engineer and bypass client‑side protections – decompile binaries, analyze native libraries (.so/.dylib), defeat root/jailbreak detection, SSL‑pinning, obfuscation and tamper checks using tools such as Frida, Objection, Magisk, Xposed, etc.
  • Define test scope, design security scenarios and document findings in clear, reproducible reports.
  • Collaborate with developers to explain vulnerabilities, suggest remediations and ensure fixes are verified.
  • Escalate blocker issues to local and on‑shore stakeholders while adhering to testing processes and timelines.
  • Keep up‑to‑date with the latest mobile threat landscape and industry standards (OWASP MASVS/MASTG, OWASP Top 10) and share knowledge within the team.


Required Skills & Experience

  • Minimum 5 years of hands‑on mobile (Android & iOS) and web penetration testing.
  • Strong understanding of OWASP Top 10 and mobile security standards (MASVS/MASTG).
  • Proficiency with tools such as Burp Suite, OWASP ZAP, Kali Linux, MobSF, jadx, apktool, Frida, Objection, adb, Xcode, etc.
  • Solid reverse‑engineering experience (binary inspection, native library analysis).
  • Excellent written and verbal communication – ability to produce clear, actionable reports.
  • Strong analytical, time‑management and teamwork skills; self‑motivated and independent.


Nice‑to‑have

  • Experience with source‑code assessment (SCA/SAST).
  • Familiarity with CI/CD security integrations or cloud‑native testing (AWS/Azure).
  • Certifications such as OSCP, OSCE, CSSLP, CEH (preferred).


Education – Bachelor’s degree (or equivalent) in Computer Science, Information Security, Engineering or a related field.


What We Offer

  • Competitive salary and performance‑based bonus.
  • Comprehensive health, life and disability coverage plus retirement benefits.
  • Flexible working hours and a modern Mumbai office with hybrid options after onboarding.
  • Continuous learning – access to certifications, training labs, conferences and internal knowledge‑sharing sessions.
  • A diverse, inclusive culture where you can bring your whole self to work.


BNP Paribas India Solutions is an equal‑opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.