Location: Navi Mumbai
Employment Type: Full-Time
Experience: 3–6+ Years
About the Role
We are looking for a highly skilled Application Security / Offensive Security Engineer with a strong Red Team mindset to join our team. The role involves advanced penetration testing across Web, Mobile (Android & iOS), and APIs, focusing on real-world exploitation, vulnerability chaining, and bypassing modern security controls such as WAFs and client-side protections. If you thrive on deep technical challenges, scripting, and continuous research into emerging attack techniques, this role is for you.
Key Responsibilities
· Perform in-depth Web, Mobile, and API penetration testing with emphasis on exploitation and chaining vulnerabilities.
· Conduct Red Team-style application assessments across WAPT, MAPT, and API engagements.
· Develop custom scripts and tools to automate testing and bypass client-side security controls.
· Research and implement WAF evasion and bypass techniques.
· Reverse-engineer client-side and backend application logic.
· Identify business logic flaws and advanced attack paths.
· Deliver high-quality technical reports with reproduction steps, impact analysis, and remediation guidance.
· Stay up to date with the latest vulnerabilities, attack techniques, and frameworks.
· Collaborate with development and security teams for secure design reviews and remediation.
Required Skills & Qualifications
· Strong hands-on experience in Web, Mobile (Android/iOS), and API Penetration Testing.
· Solid understanding of OWASP Top 10 (Web, Mobile, API).
· Experience with Java and JavaScript debugging.
· Ability to read, understand, and analyze JavaScript and Python code.
· Proficiency in Python (or equivalent scripting language) for automation and bypass tooling.
· Knowledge of modern web frameworks (React, Angular, Vue, Node.js, Spring Boot).
· Strong grasp of authentication, authorization, session management, and token-based security (OAuth, JWT, SAML).
· Familiarity with WAF technologies and bypass methodologies.
· Hands-on experience with Burp Suite, Frida, Objection, Postman, and mobile reversing tools.
Preferred Certifications
· OSCP
· eWPTX / eMAPT
· CRTP
Behavioural & Professional Attributes
· Strong research-driven and attacker mindset.
· Ability to work independently and lead complex security engagements.
· Excellent documentation and communication skills.
· Detail-oriented with a passion for deep technical problem-solving.
· Capability to mentor junior security testers.
Why Join Us?
· Opportunity to work on cutting-edge offensive security projects.
· Exposure to advanced Red Team engagements.
· Collaborative environment with continuous learning and growth.