Penetration Test Engineer
Job Summary
Company Profile:
Founded in 1976, CGI is among the largest independent IT and business consulting services firms in the world. With 94,000 consultants and professionals across the globe, CGI delivers an end-to-end portfolio of capabilities, from strategic IT and business consulting to systems integration, managed IT and business process services and intellectual property solutions. CGI works with clients through a local relationship model complemented by a global delivery network that helps clients digitally transform their organizations and accelerate results. CGI Fiscal 2024 reported revenue is CA$14.68 billion and CGI shares are listed on the TSX (GIB.A) and the NYSE (GIB). Learn more at .
Job Title: Penetration Testing
Position: Software Test Engineer
Experience: 3 Years
Category: Software Development/Engineering
Shift: General
Main location: Bangalore/Hyderabad/Chennai
Position ID: J0426-0431
Employment Type: Full Time
Education Qualification: Bachelor's degree in computer science or related field or higher, with minimum 3 years of relevant experience.
Position Description:
We are seeking a skilled and detail-oriented Mid-Level Penetration Test Engineer with 3-6 years of hands-on experience in manual and tool-assisted security testing. The ideal candidate will have strong expertise in vulnerability validation, false positive analysis and real-world exploitation techniques across web, API and mobile applications.
Experience in the BFSI/Insurance domain is highly preferred, with the ability to assess business-critical workflows such as claims processing, policy management and payment integrations.
Your future duties and responsibilities:
Penetration Testing Execution: Perform security testing across web, API and mobile applications, combining manual testing (priority) with automated scans using tools like Burp Suite and OWASP ZAP, while identifying vulnerabilities aligned to OWASP Top 10 and API Top 10.
False Positive Analysis (Critical): Analyze SAST, DAST and AI tool findings to validate exploitability, eliminate false positives with supporting evidence, correlate automated and manual results, and justify reclassification where required.
Exploitation & Validation: Develop PoCs and simulate real-world attack scenarios, including input manipulation, authentication bypass and business logic abuse, to validate vulnerabilities effectively.
Insurance Domain Testing: Assess workflows such as claims processing, policy management and payment integrations, with a focus on identifying business logic flaws impacting financial transactions and data integrity.
Reporting & Documentation: Create clear, actionable reports covering issue details, validation steps, risk/impact and remediation recommendations, and support audit discussions and fix validations.
Required qualifications to be successful in this role:
Must-Have Skills
Security Testing: Strong knowledge of OWASP Top 10, API Security Top 10, authentication/session flaws and vulnerabilities such as Injection, XSS, IDOR and SSRF.
Tools & Technologies: Hands-on experience with Burp Suite, OWASP ZAP, Nmap, Nikto and SAST/DAST tools.
Technical Skills: Basic scripting (Python/Bash) with solid understanding of HTTP/HTTPS, REST APIs, JSON and authentication mechanisms like JWT and OAuth.
False Positive Handling: Ability to interpret scanner outputs, perform manual validation and provide evidence-based conclusions.
Experience: 3-6 years in penetration testing with exposure to enterprise application security.
Good-to-Have Skills
Experience in BFSI/Insurance domain
Exposure to AI-based security testing tools
Knowledge of cloud security (AWS/Azure)
Certifications such as CEH, eJPT, Security+ or OSCP (preferred)
CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodation for people with disabilities in accordance with provincial legislation. Please let us know if you require reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs.
Skills:
- NMAP (Network Mapper)
- Vulnerability Management (IAVM)
- Vulnerability Testing (IAVT)
- CompTIA Security+
- English
- Offensive Security Cert Prof
- Security Certification
What you can expect from us:
Together, as owners, let's turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction.
Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
Come join our team, one of the largest IT and business consulting services firms in the world.
Required Experience:
IC
About Company
The COMPANY is one of the few end-to-end consulting firms with the scale, reach, capabilities and commitment to meet clients’ enterprise digital transformation needs. Our 77,500 consultants and professionals work side-by-side with clients in 10 industries across more than 400 location ...