u/Extension_Cloud4221

Hey everyone,

I'm a web developer with 3+ years of experience and I recently passed my OSCP. I'm now actively transitioning into penetration testing / offensive security and trying to figure out two things:

1. Realistic salary expectations in India

I've seen a huge range online — from ₹5L all the way to ₹30L+ depending on the source. I know I'm not a complete fresher (web dev background + OSCP), so I don't want to undersell myself but also don't want to be unrealistic.

  • What salary should I target for my first pentesting role given my background?

  • How quickly can salary grow with experience + additional certs (e.g. BSCP, CWEE)?

  • Is the Indian market genuinely worth it long term, or should I be targeting remote EU/UK roles from the start?

  • For those doing freelance/consulting in India — what are realistic day rates or per-engagement fees?

2. Which job titles should I actually be applying to?

This is where I'm confused. There seem to be a lot of overlapping titles and I don't know which ones are entry points vs senior roles, or which ones actually do hands-on offensive work vs being more defensive/GRC.

  • Should I be applying to "Penetration Tester", "Security Analyst", "Ethical Hacker", "Red Team Analyst", "Vulnerability Assessment" roles — or something else?

  • Which titles are actually hands-on offensive vs just compliance/checkbox work?

  • Which companies in India (product, service, or MNC) actually do real pentesting work worth joining early career?

  • Any titles I should avoid that sound offensive but are actually just SOC/defensive work?

My background for context:

  • 3+ years web development experience

  • OSCP certified

  • Currently studying for CWEE (HTB) next

  • Based in India, open to remote international work

  • Goal: maximize salary and eventually start my own pentesting consultancy

Would love honest takes from people actually working in the field in India — not just what the job boards say. Thanks!

reddit.com
u/Extension_Cloud4221 — 15 days ago

Hey everyone,

I recently passed my OSCP and I have 3+ years of experience as a web developer. I want to move into web application pentesting and eventually either maximize my salary as a pentester or start my own consulting business.

I've been going back and forth on what to pursue next and wanted to get some real-world opinions from people who've actually done these certs.

The options I'm considering:

  • BSCP (Burp Suite Certified Practitioner) — different brand, web-focused, heard it's well recognized
  • OSWA — natural OffSec progression but worried it's redundant since I already have OSCP
  • HTB CWES → CWEE — heard the content is great but unsure about employer recognition vs OffSec/PortSwigger
  • OSWE — deep and respected but same OffSec brand again, is a second OffSec cert worth it?

My specific questions:

  1. Does having two OffSec certs (OSCP + OSWA or OSWE) actually carry extra weight, or is the brand bump basically one-time?
  2. Is BSCP genuinely respected by hiring managers or more of a community thing?
  3. How is HTB CWEE recognized in the job market right now compared to OffSec/PortSwigger certs?
  4. With a web dev background, which cert would give me the biggest practical edge in web pentesting specifically?

For context I'm based in India but open to remote/international work.

One big reason I am asking this is that OffSec certs are quite expensive.

Would really appreciate honest takes from people working in the field, not just what looks good on paper. Thanks!

u/Extension_Cloud4221 — 15 days ago