Penetration Tester / Vulnerability Analyst

Cozmotec

Indore On-site
Posted 8 hours ago Apply by June 18, 2026

Job Description

Location: On-site – Indore, Madhya Pradesh, India

Experience: 3–6 Years

Job Type: Full-Time

About the Role

We’re looking for a sharp and hands-on Penetration Tester / Vulnerability Analyst to take the lead on assessing and improving the security of web and API applications developed for our global clients, particularly in Ireland and Europe. You’ll work closely with development and DevOps teams to identify security gaps, conduct tests, and help automate ongoing vulnerability scanning.

This is a critical role focused on proactive defense — not just finding issues, but working with the team to fix them properly and prevent them in future builds.

Key Responsibilities

  • Perform regular penetration testing on web, mobile, and backend/API applications
  • Conduct vulnerability assessments using commercial and open-source tools (e.g., Burp Suite, OWASP ZAP, Nessus, Nmap)
  • Analyze findings, prepare structured reports, and assist developers with remediations
  • Automate recurring security scans and integrate them into CI/CD pipelines
  • Validate third-party libraries and dependencies for known vulnerabilities (SCA)
  • Stay up to date on current threats and attack vectors, and assess their relevance to active projects
  • Support the implementation of secure coding practices and participate in threat modeling sessions

Requirements

  • 3–6 years of experience in application security, vulnerability scanning, or penetration testing
  • Strong understanding of OWASP Top 10, web protocols, and secure software design
  • Experience testing systems built with Node.js, React, Laravel, or PHP-based stacks
  • Familiarity with tools like Burp Suite, ZAP, Nikto, Metasploit, Nessus, etc.
  • Ability to read and analyze code, particularly in JavaScript, PHP, or Python
  • Experience with writing structured, client-facing security reports
  • Strong English communication skills (written and verbal)

Nice to Have

  • Familiarity with SAST/DAST tools (e.g., SonarQube, Checkmarx)
  • Experience working in DevSecOps environments
  • Basic scripting skills to automate scanning workflows (Bash, Python)
  • Security certifications such as OSCP, CEH, or eJPT are a plus

Why Join Us?

  • Own the security function across multiple real-world products
  • Work closely with developers and founders to implement best practices
  • Be part of a growing, fast-moving team delivering platforms for international clients
  • Startup-like culture with room for initiative, autonomy, and real responsibility
  • Competitive salary and a collaborative work environment in our Indore office

To apply, send your resume and sample report (if available) to: [email protected]

Job Types: Full-time, Permanent

Pay: ₹20,000.00 - ₹50,000.00 per month

Work Location: In person
