Job Description

Key Responsibilities

Update Mechanism & Distribution Testing

Assess update delivery pipeline for unauthorized access, misconfigurations, or delivery flaws.

Simulate HMAC token forge/replay attacks to test authentication robustness.

Test code-signing integrity by attempting to modify signed update bundles.

Simulate rollback scenarios, downgrade attack vectors, and patch bypass attempts.

Backend & Infrastructure Security

Perform RBAC abuse tests to detect privilege escalation opportunities.

Verify audit logging and forensic traceability of system actions.

Check backend service configurations for policy compliance and data protection.

Availability & Threat Resilience

Conduct DoS resilience testing by simulating excessive/malformed requests.

Perform mobile reverse engineering to detect information leakage or insecure storage.

Reporting & Retesting

Provide a detailed vulnerability report with CVSS scores and POC evidence.

Collaborate with DevSecOps for remediation validation and re-testing.



Required Skills & Qualifications

7+ years of penetration testing experience in enterprise environments.

Deep knowledge of OWASP Top 10 (Web, API, Mobile).

Hands-on experience testing mobile hybrid apps (Capacitor/Ionic).

Expertise in code signing, HMAC validation, and secure OTA update mechanisms.

Familiarity with Azure-hosted services, WebAPI, and SQL Server.

Proficient with tools such as Burp Suite, MobSF, Frida, Drozer, OWASP ZAP, Metasploit, Postman, Wireshark.

Strong scripting/debugging knowledge (Python, JavaScript, Bash).

Understanding of regulatory/compliance frameworks: ISO 27001, GDPR, NIST.

Certifications preferred: OSCP, CEH, GMOB, GWAPT.



Additional Context

App Architecture: Hybrid (Ionic + Capacitor)

Backend: .NET Core, WebAPI, Azure Blob Storage

CI/CD: Azure DevOps, App Center

Governance: Scoped under Qatar Airways IT & Cyber Security policies

About Virtusa

Teamwork, quality of life, professional and personal development: values that Virtusa is proud to embody. When you join us, you join a team of 27,000 people globally that cares about your growth -- one that seeks to provide you with exciting projects, opportunities and work with state of the art technologies throughout your career with us.



Great minds, great potential: it all comes together at Virtusa. We value collaboration and the team environment of our company, and seek to provide great minds with a dynamic place to nurture new ideas and foster excellence.



Virtusa was founded on principles of equal opportunity for all, and so does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.