Talent.com
This job offer is not available in your country.
Vulnerability Researcher / Ethical Hacker

Vulnerability Researcher / Ethical Hacker

Aspire Talent InnovationsBangalore
23 hours ago
Job description

Description : About the role :

We are hiring a hands-on Vulnerability Researcher and Ethical Hacker to find real security weaknesses before attackers do. You will run offensive security research across web, APIs, cloud, containers, binaries, and firmware. Your work will produce reproducible exploit proofs of concept, high quality vulnerability reports, risk-based remediation guidance, and periodic threat briefs for product and engineering teams.

What you will do :

  • Perform proactive offensive security testing of web applications, APIs, microservices, mobile apps, server software, containers, and cloud environments.
  • Discover, verify, and exploit vulnerabilities to produce clear proof of concept exploits and remediation steps.
  • Triage and validate incoming findings from scanners, bug bounty programs, and automated tools to reduce false positives and prioritize actionable issues.
  • Reverse engineer binaries, libraries, and firmware to identify logic flaws, memory corruption, or insecure assumptions.
  • Develop and run fuzzers, custom scanners, and automated test harnesses to surface hard to find issues.
  • Build and maintain internal tooling, scripts, and exploit frameworks using Python, Go, or other appropriate languages.
  • Collaborate with engineering to reproduce bugs, explain attack chains, and help implement fixes and mitigations.
  • Produce clear, evidence-based vulnerability reports suitable for developers, security leadership, and compliance auditors.
  • Participate in responsible disclosure, coordinate CVE submissions, and engage with third parties as needed.
  • Keep current on attacker techniques, public advisories, and exploit trends. Share findings via internal training, playbooks, and red team exercises.

Required skills and experience :

  • 3 or more years of hands-on offensive security, vulnerability research, or penetration testing experience.
  • Strong web and API security skillset including common vulnerability classes such as authentication and authorization flaws, BOLA / IDOR, injection, SSRF, deserialization, and auth misuse.
  • Solid experience with exploit development, proof of concept creation, and vulnerability triage.
  • Proficiency in scripting and tooling. Python required. Experience with Go, Bash, or JavaScript is a plus.
  • Familiarity with reverse engineering and binary analysis workflows. Comfortable with tools like Ghidra, IDA, radare2, or similar.
  • Experience with fuzzing frameworks and techniques. Ability to design targeted fuzzers for complex code paths.
  • Deep experience with security tooling : Burp Suite, ZAP, Wireshark, Metasploit, sqlmap, etc.
  • Strong knowledge of cloud platforms and cloud security (AWS, GCP, or Azure) including common misconfigurations and identity issues.
  • Comfortable working with containerized environments and Kubernetes security concepts.
  • Excellent written and verbal communication. Able to produce developer friendly remediation steps and concise vulnerability reports.
  • Strong ethical mindset and understanding of legal and disclosure boundaries.

    • (ref : hirist.tech)

    Create a job alert for this search

    Vulnerability • Bangalore