Junior Penetration Tester (Cyber Security)

Job Description

Company: ServQual – Security

Location: Kalyan, IN

Location: Dombivli, Mumbai (Office Based)

Employment Type: Full-Time

Experience: 0-2 Years

Department: Cyber Security Consulting

About ServQual

ServQual is a UK-headquartered Cyber Security, Privacy, Governance, Risk & Compliance (GRC) consulting company with operations across the UK, USA, and India. We help organizations strengthen their security posture through penetration testing, vulnerability assessments, security audits, compliance programs, privacy consulting, managed security services, and our proprietary SUSAN cybersecurity platform.

Role Overview

We are seeking a motivated and technically inclined Junior Penetration Tester to join our growing cybersecurity team in Dombivli. The ideal candidate should have exposure to Web Application Security, Mobile Application Security (Android & iOS), API Security, Network Security Testing, and Vulnerability Assessments.

This role offers hands-on experience working on real-world security engagements for global clients across multiple industries. The successful candidate will work alongside experienced security consultants and participate in penetration testing, security assessments, compliance projects, and cybersecurity consulting engagements.

Key Responsibilities
• Perform Vulnerability Assessments and Penetration Testing (VAPT) of:
  • Web Applications
  • Mobile Applications (Android & iOS)
  • APIs
  • Internal Networks
  • External Infrastructure
  • Cloud Environments
• Conduct manual and automated security assessments.
• Identify, validate, exploit (where permitted), and document security vulnerabilities.
• Perform security testing aligned with OWASP, NIST, PTES, and industry best practices.
• Assist in preparing technical and executive-level penetration testing reports.
• Participate in mobile application security reviews and assessments.
• Support red team exercises and security audits.
• Perform remediation validation and re-testing activities.
• Assist clients with vulnerability remediation guidance.
• Participate in security research and proof-of-concept development.
• Stay updated on emerging threats, vulnerabilities, attack techniques, and security technologies.
• Contribute to internal knowledge bases, methodologies, and security documentation.

Required Skills
• Understanding of Networking Fundamentals:
  • TCP/IP
  • DNS
  • HTTP/HTTPS
  • Routing & Switching
  • Firewalls
• Basic understanding of Linux and Windows operating systems.
• Understanding of Web Application Security concepts.
• Familiarity with OWASP Top 10.
• Basic understanding of API Security.
• Knowledge of common attack vectors and security vulnerabilities.
• Basic scripting knowledge in Python, Bash, PowerShell, or JavaScript.
• Strong analytical and troubleshooting skills.
• Good written and verbal communication skills.
• Ability to work independently and as part of a team.

Mobile Application Security (Preferred)
• Understanding of Mobile Application Security Testing for both Android and iOS platforms.
• Familiarity with OWASP Mobile Top 10.
• Knowledge of mobile application architecture, authentication mechanisms, API communications, secure storage, and encryption.
• Ability to identify common mobile application vulnerabilities including:
  • Insecure Data Storage
  • Weak Authentication & Authorization
  • Insecure API Communications
  • SSL/TLS Misconfigurations
  • Reverse Engineering Risks
  • Hardcoded Secrets and API Keys
  • Runtime Security Weaknesses

Preferred Technical Skills

Experience or exposure to any of the following tools:

Web & API Security
• Burp Suite
• OWASP ZAP
• Postman
• SQLMap
• Nikto

Network Security
• Nmap
• Wireshark
• Nessus
• OpenVAS
• Metasploit
• Kali Linux

Mobile Security
• MobSF
• Frida
• Objection
• APKTool
• Jadx
• Android Studio
• Xcode

Cloud Security (Good to Have)
• AWS
• Microsoft Azure
• Google Cloud Platform (GCP)

Preferred Certifications (Not Mandatory)
• CEH (Certified Ethical Hacker)
• eJPT
• PNPT
• CompTIA Security+
• ISO 27001 Foundation
• CRTP
• Any recognized cybersecurity certification

Educational Qualification
• Bachelor’s Degree in Computer Science, Information Technology, Cyber Security, Engineering, or related field.
• Fresh graduates with strong practical cybersecurity skills are encouraged to apply.
• Candidates with cybersecurity internships, bug bounty participation, CTF experience, TryHackMe, Hack The Box, or personal security projects will be preferred.

Preferred Candidate Profile

We are looking for candidates who demonstrate:
• Passion for Cyber Security and Ethical Hacking.
• Strong curiosity and willingness to learn.
• Hands-on lab experience through:
  • TryHackMe
  • Hack The Box
  • PortSwigger Academy
  • Bug Bounty Programs
  • CTF Competitions
• Interest in:
  • Web Application Security
  • Mobile Application Security
  • API Security
  • Cloud Security
  • Red Teaming
  • Threat Hunting

What We Offer
• Exposure to real-world client environments.
• Opportunity to work with global customers across the UK, USA, Europe, Middle East, and India.
• Mentorship from experienced cybersecurity professionals.
• Hands-on exposure to:
  • Penetration Testing
  • Security Architecture
  • Privacy & Compliance
  • ISO 27001
  • SOC 2
  • Cloud Security
  • Security Operations
• Training and certification support.
• Career growth opportunities within a rapidly growing global cybersecurity company.
• Exposure to ServQual’s SUSAN Cyber Security & Privacy Platform.

Compensation

Salary Range: Negotiable based on experience.

Compensation will be based on:
• Technical skills
• Practical security knowledge
• Certifications
• Internship experience
• Mobile and web application testing experience

Work Arrangement
• Full-time office-based role.
• Location: Dombivli, Mumbai.
• Monday to Friday, working UK hours.
• Candidates residing in Mumbai, Thane, Kalyan, Dombivli, Navi Mumbai, and nearby areas are preferred.

Source: Recruit.net