Security Tester

About the role

SourceFuse Technologies is seeking a proactive Security Tester to lead vulnerability assessments across web, mobile, API, cloud, network and AI/LLM platforms. The role combines hands‑on penetration testing with detailed reporting to help secure our products and services.

Key responsibilities

• Perform comprehensive VAPT for web applications, covering OWASP Top 10, authentication flaws, business logic issues and server‑side vulnerabilities.
• Assess Android and iOS apps using static and dynamic analysis, reverse engineering, SSL‑pinning bypass and runtime instrumentation.
• Test REST, GraphQL, SOAP and gRPC APIs for broken authentication, injection, rate‑limit bypass and data exposure.
• Conduct cloud security reviews on AWS, Azure and GCP, identifying misconfigurations, IAM weaknesses and insecure storage.
• Execute network and infrastructure testing, including port enumeration, firewall review and wireless assessments.
• Evaluate AI/LLM integrations for prompt injection, jailbreak, data leakage and model manipulation risks.
• Produce detailed vulnerability reports with PoCs, risk ratings and remediation guidance, and collaborate with development and DevOps teams.

Required profile

• 3‑5 years of hands‑on security testing experience across multiple platforms.
• Strong understanding of offensive security techniques and secure development practices.
• Ability to communicate findings clearly to technical and non‑technical stakeholders.

Required skills

• Web application testing tools: Burp Suite, OWASP testing methodologies.
• Mobile testing tools: Frida, Objection, MobSF, JADX, Hopper, Ghidra.
• API testing: REST, GraphQL, SOAP, gRPC, OAuth, JWT, API Keys.
• Cloud platforms: AWS, Azure, GCP, IAM configuration.
• Network assessment: port scanning, firewall review, VPN and wireless testing.
• AI/LLM security concepts: prompt injection, jailbreak, data leakage.