Penetration Tester

Overview

We are looking for a hands-on Penetration Tester with 3–4 years of experience in Web Application, Thick Client, and Network security testing.

This role is execution-focused and requires strong practical skills in identifying, validating, and explaining real-world security issues. You will work closely with development teams to assess security risks across the SDLC and help improve the overall security posture of the product.

You will primarily work on manual and automated VAPT, secure code reviews, and threat analysis, with opportunities to gradually contribute to security processes and tooling.

Key Responsibilities

Security Testing & Vulnerability Assessment:

Perform Web Application Penetration Testing using manual techniques and automated tools

Conduct Thick Client security testing, including:

• Reverse engineering
• API interception
• Traffic analysis
  
  
  

Execute internal and external Network Penetration Testing.

Identify, exploit, and validate vulnerabilities including:

• OWASP Top 10
• Business logic flaws
• Authentication & authorization weaknesses
• Security misconfigurations
  
  
  

Analyze and triage vulnerabilities from automated scans and manual testing.

Assess impact and risk of vulnerabilities from an end-user and business perspective.

Secure Code Review & Threat Analysis:

Perform secure source code reviews (manual and tool-assisted)

Review JavaScript (frontend & backend) for issues such as:

• DOM-based XSS
• Insecure client-side logic
• Broken validation and authorization checks
  
  
  

Participate in application threat modeling discussions and identify attack surfaces.

Advise developers on secure coding practices and remediation approaches.

Automation, Tools & Process Support:

Develop and maintain Python and JavaScript scripts for:

• Security test automation
• Exploitation support
• Testing efficiency
  
  
  

Support and improve security testing processes, documentation, and reporting.

Track and document security findings and remediation status.

Stay updated on new vulnerabilities, attack techniques, and security best practices.

About you:

Degree in Computer Engineering, Computer Science (or equivalent) or equivalent experience.

Up to 3–4 years of hands-on experience in Penetration Testing / Application Security.

Must be able to work independently as well as being able to articulate technical terms to a non-technical audience (essential).

Strong experience in:

• Web Application Security Testing
• Thick Client Application Security Testing
• Network Penetration Testing
• Secure Code Review
  
  
  

Proficiency in Python and JavaScript for scripting and automation.

Solid understanding of:

• OWASP Top 10 and OWASP ASVS
• Secure coding principles and common vulnerability patterns
• Authentication, authorization, session management, and cryptography basics
  
  
  

Hands-on experience with tools such as:

• Burp Suite, OWASP ZAP
• Nmap, Nessus, Metasploit
• Wireshark, SQLMap
• IDA, Ghidra, dnSpy (for thick client testing)
• SAST tools and secure code review platforms
  
  
  

Good knowledge of:

• TCP/IP, HTTP/S, DNS
• Windows and Linux operating systems
• Client-side and server-side application architecture
  
  
  

One of the following valid certifications from:

• EC-Council: CEH, CPENT, CEH Master or Master LPT
• Offensive Security: OSCP, WEB-200, WEB-300, or PEN-300
• GIAC Certifications: GXPN, GWAPT, GCPN or GCPN
  
  
  

Nice to have (Not mandatory)

• Experience with API security testing
• Exposure to cloud security (AWS / Azure)
• Familiarity with CI/CD pipelines and basic DevSecOps concepts
• Experience writing security documentation, advisories, or blogs
  
  
  

About Resolver:

Over 1,000 of the world’s largest organizations depend on Resolver’s cloud software to protect their employees, customers, supply chain, brand and shareholders. That’s about 1,000,000 people using our tools each day. Are you ready to make an impact?

Headquartered in Toronto, Canada, also known as Silicon Valley North, Resolver has locations in India, USA, UK, New Zealand and Dubai.

About Us:

Resolver (www.resolver.com) Protects What Matters™. Our mission is simple. We transform how organizations think about Risk. Our cloud-based software protects over 1,000 of the world's largest organizations' employees, customers, supply chain, brand and shareholders. As a product centric company, Resolver is an integrated solution for the entire Organization offering solutions focused on, Corporate Security, Governance Risk & Compliance, and Information Security.

We believe in hard work and having fun while we work. We invest in our people, and we think big.

• Team: we have smart, talented and curious people you'll work with and learn from. As a Product company, you'll be hands-on with our global teams and top-tier leadership in Canada, the US, UK and New Zealand.
• Professional development: we have an external learning budget to help you grow and develop. We also have great online learning and workshops internally for you to tap in to.
• Impact: we solve complex challenges for some of the world's most recognized organizations. Our customers use our software to help reduce the frequency and severity of negative events to protect people, product and organizational success. What we do matters.
• Vacation: It’s important for you to have time off to recharge your battery and be with your family and friends. Paid time and sick/casual accrual are 15 days and 12 days per year respectively.
• Parental leave: we support new Mothers with 100% top-up Maternity leave is up to 26 weeks and new Fathers receive 10 days of Welcome Leave.
• Great benefits: 100% paid by us for health, accident and life, medical privileges include dental and outpatient too. We also offer a wellness/fitness reimbursement, that can go towards things like gym memberships, yoga classes, soccer membership fees or a cycle.
• Office perks: our environment is flexible, with great snacks and chai. We love our newly renovated office and table tennis. We do socials and events for people to come together.
• Learning: we invest in the development of our people through online learning, group learning and external learning.
• Wellness/fitness reimbursement: we care about your health
• See us here and follow us on Instagram!
  
  
  

Are you ready to make an impact?