About the Role
We are looking for an experienced Cybersecurity Specialist to thoroughly test our SaaS product built using Laravel, Next.js, Node.js, MySQL, and MongoDB. The role involves identifying vulnerabilities, simulating real-world attacks, and ensuring our system is protected from threats such as malware, bot attacks, and data leakage.
Scope of Security Testing
The security audit will cover, but not be limited to:
Application Security Testing – SAST, DAST, IAST, OWASP Top 10 vulnerability checks.
API Security Testing – authentication / authorization flaws, data exposure, rate-limiting, replay attacks.
Database Security Testing – SQL injection (MySQL), NoSQL injection (MongoDB), encryption, DB access control.
Infrastructure & Server Security Testing – cloud configuration audit, firewall review, network security, patch management.
Penetration Testing – external and internal testing, red team simulations.
Malware & Bot Attack Simulation – file upload vulnerabilities, malware injection, anti-bot measures.
Authentication & Authorization Testing – weak password attacks, MFA testing, session hijacking prevention.
Data Leakage & Privacy Testing – PII exposure checks, GDPR / CCPA compliance, log & error masking.
Denial of Service (DoS / DDoS) Testing – stress / load testing, application-layer DoS prevention.
Business Logic Security Testing – abuse of workflows, race condition testing.
Key Responsibilities
Perform comprehensive manual & automated security testing across the SaaS platform.
Provide a detailed vulnerability assessment report with risk ratings and recommended fixes.
Collaborate with the development team to implement security best practices.
Re-test after fixes to ensure vulnerabilities are resolved.
Required Skills & Experience
Proven experience in penetration testing and web application security.
Strong knowledge of Laravel, Next.js, Node.js, MySQL, MongoDB security considerations.
Hands-on experience with OWASP Top 10, SAST, DAST, and vulnerability scanning tools.
Expertise in SQL injection, NoSQL injection, XSS, CSRF, RCE, SSRF, privilege escalation testing.
Familiarity with malware analysis and bot attack prevention techniques.
Understanding of API security, encryption, and secure data handling.
Experience with cloud security (AWS, Azure, or similar) is a plus.
Relevant certifications (e.g., CEH, OSCP, CISSP) preferred.
Deliverables
Comprehensive security audit report.
Actionable recommendations for remediation.
Post-fix verification testing results.
Initially, the role will be remote with a 4 PM to 12 AM IST shift, and later it will transition to an onsite position at our Noida office.
Cyber Security Specialist • Meerut, Uttar Pradesh, India