Security professional looking for growth and professional challenge

Saxo Bank IT consist of over 500 IT professionals based in Copenhagen and Delhi who, using latest technologies and agile methodologies; design, build and run the Saxo Bank award winning, global multi-asset trading platform. Our specialty is within capital markets with focus on; high reliability, large volumes, low latency and a world class, cloud-based experience for retail, institutional and white-label clients.

Our in-house designed, built and operated Saxo Bank trading platform handles:

• over 25,000 concurrent online clients 24 hours per day / 5,5 trading days per week
• more than 160,000 unique monthly users to our social trading portal
• in excess of 400,000 price feed updates per second
• intraday execution and booking of up to 900 trades per second
• over 500,000 trade transactions processed daily


We are currently seeking a Senior Penetration Tester placed in the IT Security group in New Delhi/Gurgaon.  
As a Senior Penetration Tester in Saxo Bank you will:

• Execute internal security testing of web-based applications, networks, wireless systems, end user systems, and other types of information systems on a regular basis

• Work with IT and Business to perform physical security assessments, wireless, and social engineering (e.g., phishing attacks) campaigns

• Perform security reviews of application designs and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)

• Maintain high level of proficiency in internet threats and vulnerabilities on a day-to-day basis

• Work on improvements for provided application vulnerability assessment and penetration testing, including the building and enhancement of existing methodology, tools, and supporting resources

• Trainings for developers and testers on secure coding practices


As a person you come across as team-player who is professional, analytical, solution-oriented, positive and energetic. You also have documented and proven experience with:
• Minimum 6-7 years of technical information security experience; minimum of 5 years with hands-on security testing experience in application and system/network

• Strong understanding of information system security vulnerability assessment/testing on a wide variety of technologies and implementations utilizing both automated tools and manual techniques

• Detailed understanding of network and web application protocols, design and operations, port numbers, services, protocols and TCP-IP stack

• Significant experience performing web application security/penetration testing in accordance with well- known methodologies from OWASP, SANS, and NIST

• Demonstrate significant experience in testing Windows based systems

• Significant hands on experience with manual web application assessment and penetration testing methods related to web application mapping, reviewing client-side controls, testing user-input fields, and attacking session management, authentication, access controls, encryption, and backend databases/data stores

• Analyzing security findings to ascertain false positives and assign appropriate severity scores and priorities

• Work in a team environment or independently when necessary and be self-directed when appropriate

• Strong leadership skills with demonstrated ability to prioritize and execute in a methodical and disciplined manner

•Good English speaking and written skills

Preferred Qualifications:

• Industry information security certifications: OSCP/OSCE/OSWE, GPEN, GWAPT, CEH

• Maintain high level of proficiency of hands-on experience with open source and commercial vulnerability assessment and penetration testing tools such as HP WebInspect/IBM AppScan, Tenable Nessus/Rapid 7 NeXpose, Burp Suite, OWASP tools, Nmap, Wireshark, Fiddler, Firebug, Metasploit/Core Impact, sqlmap, Wireshark, Caine and Able, BeEF, DirBuster

• Good understanding of the components of a secure SDLC

• Experience with scripting languages/programming languages: JavaScript/HTML5, Python, shell scripting, jQuery, ASP, .NET, C#, Json and HTML

• Experience in performing static code analysis (manually or using tools such as HP Fortify, Veracode, or IBM AppScan Source)

•Experience with working closely with European Organizations

•Experience working in the Financial Industry


• A chance to join a truly growth-embracing culture, which will commit to helping you grow personally and professionally.
• An opportunity to work as part of a dynamic, ambitious and international team in an informal and pleasant working environment.
• An attractive salary plus benefits package.

Application deadline:
Expected Start Date:
Job type:
Working hours:
Working days:
Flexible Shift Pattern
Company homepage: