Job Description

Job requisition ID :: 94254
Date: Dec 15, 2025
Location: Hyderabad
Designation: Assistant Manager
Entity: Deloitte Touche Tohmatsu India LLP
About the Role


We are seeking an experienced Penetration Tester with a strong background in Web, Mobile, Network and API security testing. The role involves conducting end-to-end Vulnerability Assessment and Penetration Testing (VAPT), identifying security gaps, and providing actionable remediation guidance. The ideal candidate should be able to work closely with technical teams, business stakeholders, and client representatives in the international banking domain, ensuring security assessments meet the highest industry standards.



Key Responsibilities

Conduct penetration testing of Web applications, Mobile applications (iOS/Android), Networks and APIs (REST/SOAP/GraphQL). Perform Vulnerability Assessment and Exploitation in line with OWASP Top 10, OWASP MASVS, and API Security Top 10 standards. Prepare detailed assessment reports with proof-of-concept, risk ratings, and remediation recommendations. Collaborate with development, infrastructure, and business teams to provide technical security guidance. Validate remediation fixes and perform post-assessment verification. Simulate real-world attacks while adhering to client-approved scope and methodologies. Stay updated with the latest threats, exploits, tools, and attack techniques in the application and API security space. Ensure compliance with international regulations and security standards (PCI DSS, ISO 27001, NIST, etc.). Effectively communicate findings to both technical and non-technical stakeholders.


Required Skills & Experience

Proven hands-on experience in Web/Mobile/API penetration testing using industry-standard tools (Burp Suite, OWASP ZAP, Postman, MobSF, Frida, Drozer, adb, etc.). Strong knowledge of: OWASP Top 10 and API Security Top 10 Mobile Security Testing Guide (MSTG) Secure coding practices for Web/Mobile/API. Network VAPT, Red teaming and configuration reviews Experience with scripting for automation (Python, Bash, or PowerShell). Understanding of authentication mechanisms (OAuth2, JWT, SAML, etc.) and common misconfigurations. Knowledge of cloud-based application security (AWS, Azure, GCP) is an advantage. Strong analytical and problem-solving skills. Excellent written and verbal communication skills for client-facing interactions.


Educational Qualifications

Bachelor's or Master's degree in Computer Science, Information Security, or related field


Preferred Certifications


Candidates with one or more of the following certifications will be preferred:

* OSCP / OSWE / OSEP / OSED / GWAPT