1. Home
  2. Penetration Test Engineer

Offers “CGI”

New
CGI

Penetration Test Engineer

  • Bangalore, INDIA
Apply Now

Job description

Position Description:

Company Profile:
Founded in 1976, CGI is among the largest independent IT and business consulting services firms in the world. With 94,000 consultants and professionals across the globe, CGI delivers an end-to-end portfolio of capabilities, from strategic IT and business consulting to systems integration, managed IT and business process services and intellectual property solutions. CGI works with clients through a local relationship model complemented by a global delivery network that helps clients digitally transform their organizations and accelerate results. CGI Fiscal 2024 reported revenue is CA$14.68 billion and CGI shares are listed on the TSX (GIB.A) and the NYSE (GIB). Learn more at cgi.com.
Job Title: Penetration Testing
Position: Software Test Engineer
Experience: 3+ Years
Category: Software Development/ Engineering
Shift: General
Main location: Bangalore/Hyderabad/Chennai
Position ID: J0426-0432
Employment Type: Full Time
Education Qualification: Bachelor’s degree in computer science or related field or higher with minimum 3 years of relevant experience.
Position Description:
We are seeking a skilled and detail-oriented Mid-Level Penetration Test Engineer with 3–6 years of hands-on experience in manual and tool-assisted security testing. The ideal candidate will have strong expertise in vulnerability validation, false positive analysis, and real-world exploitation techniques across web, API, and mobile applications.
Experience in the BFSI/Insurance domain is highly preferred, with the ability to assess business-critical workflows such as claims processing, policy management, and payment integrations.

Your future duties and responsibilities:

• Penetration Testing Execution: Perform security testing across web, API, and mobile applications, combining manual testing (priority) with automated scans using tools like Burp Suite and OWASP ZAP, while identifying vulnerabilities aligned to OWASP Top 10 and API Top 10.
• False Positive Analysis (Critical): Analyze SAST, DAST, and AI tool findings to validate exploitability, eliminate false positives with supporting evidence, correlate automated and manual results, and justify reclassification where required.
• Exploitation & Validation: Develop PoCs and simulate real-world attack scenarios including input manipulation, authentication bypass, and business logic abuse to validate vulnerabilities effectively.
• Insurance Domain Testing: Assess workflows such as claims processing, policy management, and payment integrations, with a focus on identifying business logic flaws impacting financial transactions and data integrity.
• Reporting & Documentation: Create clear, actionable reports covering issue details, validation steps, risk/impact, and remediation recommendations, and support audit discussions and fix validations.

Required qualifications to be successful in this role:

Must-Have Skills
• Security Testing: Strong knowledge of OWASP Top 10, API Security Top 10, authentication/session flaws, and vulnerabilities such as Injection, XSS, IDOR, and SSRF.
• Tools & Technologies: Hands-on experience with Burp Suite, OWASP ZAP, Nmap, Nikto, and SAST/DAST tools.
• Technical Skills: Basic scripting (Python/Bash) with solid understanding of HTTP/HTTPS, REST APIs, JSON, and authentication mechanisms like JWT and OAuth.
• False Positive Handling: Ability to interpret scanner outputs, perform manual validation, and provide evidence-based conclusions.
• Experience: 3–6 years in penetration testing with exposure to enterprise application security.
Good-to-Have Skills
• Experience in BFSI/Insurance domain
• Exposure to AI-based security testing tools
• Knowledge of cloud security (AWS/Azure)
• Certifications such as CEH, eJPT, Security+, or OSCP (preferred)
CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodation for people with disabilities in accordance with provincial legislation. Please let us know if you require reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs.

Skills:

·  NMAP (Network Mapper)
·  Vulnerability Management(IAVM)
·  Vulnerability Testing (IAVT)
·  CompTIA Security+
·  English
·  Offensive Security Cert Prof
·  Offensive Security Cert Prof
·  Security Certification

What you can expect from us:

Together, as owners, let’s turn meaningful insights into action.

Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…

You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.

Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.

You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

Come join our team—one of the largest IT and business consulting services firms in the world.

Make every future a success.
  • Job directory
  • Business directory
    •