Penetration Tester Architect (VAPT, Android, iOS) - Naukri.com
Role & responsibilities:
- Application Security Integration: Implement and manage security tools and controls within the CI/CD pipeline to automate security scans, vulnerability management, and policy enforcement for applications in development, staging, and production environments.
- Secure Software Development Lifecycle (SSDLC): Collaborate with software engineers to ensure code is secure by default and follows secure coding standards.
- Security Automation: Develop and maintain automated security tests for applications, such as static application security testing (SAST), dynamic application security testing (DAST), and interactive application security testing (IAST), as well as vulnerability management and remediation processes.
- Application Security Assessment: Perform security assessments on web, thick-client and mobile applications (both Android and iOS).
- Collaboration & Training: Act as a liaison between development, security, and operations teams to ensure security practices are well understood and integrated into the existing workflows. Conduct security training sessions for developers to increase awareness of secure coding practices.
- Excellent communication and collaboration skills.
Preferred candidate profile:
- Experience with Cloud security, Container security and Red-Teaming practices is desirable.
- Experience in scripting and automation (e.g., Python, PowerShell).
Qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent work experience).
- 3+ years of experience in DevSecOps, application security, or software security roles.
- Strong knowledge of application security principles, including secure coding practices, threat modeling, secure architecture, and vulnerability management.
- Experience with security tools such as static code analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), container security, and vulnerability management platforms.
- Proficient in DevOps tools: Jenkins, GitLab CI, Docker, Kubernetes, etc.
- Familiarity with security frameworks and standards, such as OWASP Top 10, NIST, and CIS benchmarks.
- Strong scripting skills in languages like Python, Bash, PowerShell, or Go.
- Experience with cloud platforms such as AWS, Azure, or GCP and understanding of cloud security principles.
- Hands-on experience with containerization (Docker, Kubernetes) and securing microservices.
- Excellent problem-solving skills and the ability to work collaboratively in cross-functional teams.
- Strong communication skills, including the ability to explain technical security concepts to non-technical stakeholders.
Certification:
Mandatory:
- Certifications such as Certified Red Team Operator (CRT), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or GIAC Penetration Tester (GPEN) are highly desirable.
Good to have:
- Certifications such as CREST Practitioner Security Analyst (CPSA), Certified Expert Penetration Tester (CEPT), etc.