Product Developer - Penetration Testing

Basic Information

Country: India
State: IN_Maharashtra
City: Pune
Date Published: 17-Apr-2026
Job ID: 46625
Travel: You may occasionally be required to travel for business

Description and Requirements

Hybrid: #LI-Hybrid
BMC empowers nearly 80% of the Forbes Global 100 to accelerate business value, faster than humanly possible. Our industry-leading portfolio unlocks human and machine potential to drive business growth, innovation, and sustainable success. BMC does this in a simple and optimized way by connecting people, systems, and data that power the world’s largest organizations so they can seize a competitive advantage.
BMC Software is looking for a motivated and skilled security professional to join the Product Security Group. This is a hands-on technical role where you will work closely with product and engineering teams to strengthen the security posture of modern, enterprise-grade applications.
In this role, you will contribute to threat modeling, security architecture reviews, SaaS security, penetration testing, and AI/ML, GenAI and Agentic AI security assessments across a diverse product portfolio. You will play a key role in identifying security risks early, validating real-world impact, and helping teams build secure-by-design systems.
A penetration tester plays a critical role in safeguarding an organization’s digital assets by proactively identifying and addressing security weaknesses. This position requires strong technical expertise, an attacker mindset, and a commitment to continuous learning in a rapidly evolving threat landscape—especially with the rise of AI-driven systems.
Here is how, through this exciting role, YOU will contribute to BMC's and your own success:
  • Perform vulnerability assessments and penetration testing across web, mobile, API, cloud, and containerized applications using standard and custom tools.
  • Execute real-world attack scenarios to identify, exploit, and validate security vulnerabilities.
  • Analyse findings and provide clear, actionable remediation recommendations to engineering teams.
  • Support application security initiatives by applying secure design and coding best practices.
  • Contribute to the development and improvement of penetration testing methodologies, scripts, and tools.
  • Conduct security assessments of AI/ML, GenAI, and Agentic AI-enabled features, including LLM integrations.
  • Test AI systems for risks such as prompt injection, basic jailbreak techniques, and data exposure via model outputs.
  • Assist in evaluating the security of RAG-based implementations, agent workflows, and AI-related components.
  • Collaborate with engineering teams to remediate vulnerabilities and strengthen security controls.
  • Document findings and map vulnerabilities to frameworks such as OWASP Top 10 (including LLM risks) and MITRE ATLAS. 
To ensure you’re set up for success, you will bring the following skillset & experience:
• 4+ years of experience in product security across web, mobile, API, cloud, or container environments, or equivalent hands-on expertise.
Strong practical experience in penetration testing is required. Participation in bug bounty programs is a plus. Exposure to AI/ML, GenAI or Agentic AI security testing is advantageous.
• Penetration Testing & Tooling:
Hands-on experience with tools such as Burp Suite, Metasploit, Nmap, Wireshark, Nuclei.
Ability to build custom scripts and automation using Python or Bash.
• Application Security Expertise:
Strong understanding of web application security, including the OWASP Top 10 and awareness of OWASP Top 10 for LLM Applications.
Experience identifying vulnerabilities such as SQL Injection, XSS, CSRF, SSRF, IDOR, and related issues.
• Exploitation & Risk Assessment:
Ability to exploit vulnerabilities to demonstrate impact and business risk.
Familiarity with CVSS (v3/v4) and EPSS for vulnerability prioritization.
• Problem Solving & Communication:
Strong analytical and problem-solving skills with an attacker mindset.
Effective communication skills to clearly document and present findings to technical and non-technical stakeholders.
• Collaboration & Work Ethic:
Ability to manage multiple tasks, meet deadlines, and work effectively in a team environment.
Demonstrates professionalism, integrity, and confidentiality.
Nice to Have:
• Hands-on experience with AI/GenAI/Agentic AI security testing, including prompt injection, jailbreaks, and RAG pipeline assessments.
• Familiarity with AI red-teaming tools (e.g., PyRIT, Garak, Guardrails AI) and adversarial ML concepts such as model inversion or data poisoning.
• Knowledge of frameworks such as MITRE ATLAS and NIST AI Risk Management Framework.
• Experience assessing or securing cloud platforms (AWS, Azure, or GCP).
• Exposure to secure code review (SAST) tools for languages such as C/C++, Java, or Python.

Our commitment to you!

BMC’s culture is built around its people. We have 6000+ brilliant minds working together across the globe. You won’t be known just by your employee number, but for your true authentic self. BMC lets you be YOU! 


If, after reading the above, you’re unsure if you meet the qualifications of this role but are deeply excited about BMC and this team, we still encourage you to apply! We want to attract talent from diverse backgrounds and experience to ensure we face the world together with the best ideas!

 

BMC is committed to equal opportunity employment regardless of race, age, sex, creed, color, religion, citizenship status, sexual orientation, gender, gender expression, gender identity, national origin, disability, marital status, pregnancy, disabled veteran or status as a protected veteran. If you need a reasonable accommodation for any part of the application and hiring process, visit the accommodation request page.

BMC Software maintains a strict policy of not requesting any form of payment in exchange for employment opportunities, upholding a fair and ethical hiring process.
At BMC we believe in pay transparency and have set the midpoint of the salary band for this role at 2,117,800 INR. Actual salaries depend on a wide range of factors that are considered in making compensation decisions, including but not limited to skill sets; experience and training, licensure, and certifications; and other business and organizational needs. 

The salary listed is just one component of BMC's employee compensation package. Other rewards may include a variable plan and country specific benefits.

We are committed to ensuring that our employees are paid fairly and equitably, and that we are transparent about our compensation practices. 
We use AI technology to support parts of our recruitment process, but people—not algorithms—make all final hiring decisions. AI may assist with tasks like scheduling, screening for role alignment, or helping us manage large volumes of applications more efficiently. However, candidates are reviewed by a member of our recruitment team, and interviews and hiring decisions are always made by people. We’re committed to ensuring that technology enhances fairness, efficiency, and the candidate experience—never replaces genuine human judgment.




(Returnship@BMC)

Had a break in your career? No worries. This role is eligible for candidates who have taken a break in their career and want to re-enter the workforce. If your expertise matches the above job, visit https://bmcrecruit.avature.net/returnship to know more and how to apply.