Associate Staff Engineer – Penetration Testing | Nagarro | Remote (Sri Lanka)

View all jobs

Associate Staff Engineer – Penetration Testing | Nagarro | Remote (Sri Lanka)

Remote Sri Lanka
Full Time
Application ends: April 7, 2026
Apply Now
Shortlist

Job Description

Must have Skills : Security Assessment, Penetration Testing, Vulnerability Scanning, Security Testing,

Job Description : Looking for a security professional who is good at performing security testing of Applications, & Cloud Environments and articulate the findings in an easily consumable manner to the various internal stakeholders. Capability to think Out-of-the-Box and come up with attack vectors for the target components would be required for this role.

Experience and Qualifications: ·

  • Should have 3-6 year of experience in application security testing of web & mobile applications (android + iOS), API and infrastructure (cloud +network + server) ·
  • Through knowledge of the OWASP framework and testing guide. ·
  • Hands-on knowledge of Pen testing, red team exercise, and bug hunting. ·
  • Hands-on knowledge of DAST/SAST/IAST solutions. ·
  • Knowledge on scripting (e.g. in python, PowerShell, JavaScript) to write automation scripts & PoCs. ·
  • Knowledge on SSO and OAuth 2.0 flows would be required ·
  • Bachelor degree. – Preferably in the field of Computer Science/ Computer Application/ Information & Technology/ Electronic & Communication Engineering. ·
  • Security certifications i.e. OSCP, OSWE, CCSP are a plus. ·
  • Experience in bug bounty hunting with well-known bug bounty platforms /vulnerability disclosure programs are a plus.
  • Should be good at performing Security Testing of the following: – Web Application – API – Mobile applications (android + iOS) – Infrastructure (Server + network) – AWS, Azure and GCP environments ·
  • Pen Testing and Red team exercises against assigned target scope. ·
  • Write automation & PoC scripts from time to time. ·
  • Should be able to perform assessment to detect open-shares and non-compliant AD accounts ·
  • Pentest Identity Provider (IdP) integrated applications with SSO and OAuth. Should be well versed with the following tools: · Burp Suite · Postman ·
  • VirtualBox · Kali Linux · Metasploit · Android Studio (AVD) ·
  • Scripting · Tenable · AWS, Azure and GCP ·
  • DAST and SAST solutions