Candidates must demonstrate strong manual pen testing skills in both web applications and mobile (preferably Android and iOS). Basic tool-driven testing (like MobSF scans) is insufficient; hands-on manual testing experience is mandatory. Networking knowledge is preferred but thick client testing is not currently required. Screening must include verifying years of relevant experience and number of completed manual assessments.
Key Responsibilities
- Assist in the technical scoping of security testing activities based on client requirements and architecture reviews.
- Execute manual penetration testing across multiple domains, including:
o Web Application Penetration Testing
o Mobile Application Penetration Testing
o Web Services/API Penetration Testing
o Network Penetration Testing
o Thick Client Penetration Testing
- Conduct focused security research when not deployed on active engagements.
- Analyze and understand complex application, infrastructure, and solution architecture designs to identify security weaknesses.
- Provide consultative guidance to stakeholders on vulnerabilities identified, including clear and actionable remediation recommendations, both verbally and in writing.
- Prepare high-quality assessment reports with concise risk articulation and business-relevant recommendations.
- Enhance and update penetration testing methodologies, processes, playbooks, and standards documentation.
- Maintain technical proficiency through ongoing learning, certifications, and structured training paths.
- Effectively communicate the services, capabilities, and value proposition of the penetration testing team to internal and external stakeholders.
- Leverage automation and scripting, including AI-assisted and AI-integrated approaches, to improve testing efficiency and coverage.
- Support vulnerability research and exploit development activities using AI-enabled techniques where appropriate.
- Perform security testing for LLM-enabled applications and AI systems, including validation of common LLM-related risks and misuse scenarios.
Preferred Qualifications
- Experience with automation and scripting for penetration testing use cases.
- Exposure to AI-assisted security testing, AI-supported exploit research, or AI-integrated offensive security workflows.
- Experience in LLM security testing, prompt injection testing, model misuse scenarios, and security assessment of AI-enabled applications.
- Relevant industry certifications such as OSCP, OSWE, OSEP, GPEN, GWAPT, GMOB, eCPPT, or equivalent.
Company Profile
CloudXtreme is a seasoned Global Information Technology Company with strategic leadership and expertise spanning a range of global companies, from start-ups to multinationals, across diverse sectors. We were born in Atlanta and grew into a Global Reach Company. We started as a technology company but soon realized that people are the core of any business's growth. So we concentrated on HR transformations and help customers have the best breed of HR SaaS applications.
We aspire to be a leader in HRMS Transformation Solutions, providing phenomenal delivery of next-generation software solutions and end-to-end technology services. Our company is empowered by employer-employee relations to help customers succeed through innovation and transformation. We acquire and retain talent with business sector knowledge, a passion for technology, and experience delivering transformations at scale.
