Senior Cyber Security Analyst (Application Security)

Company: Qatar Airways
  • Job Type: Full Time
  • Location: Doha, Qatar
  • Date Posted: August 21, 2023
  • Salary: Negotiable

About the job

About Role

You will be part of the Cyber Security team, designing and executing application security assessments. You will work on complex assignments targeting web, mobile and thick client applications from an adversary’s perspective, helping to raise the overall application security posture across the organization.

Role & Responsibilities

  • Helping to raise the application security posture across the organization.
  • Performing and/or assisting with internal application security assessments as needed.
  • Participating in cross-functional teams/meetings to represent application security interests from a technical perspective.
  • Staying current on trends in application security, application-related exploitation techniques and the latest compliance information.
  • Conducting vulnerability assessments and penetration testing of web, mobile and thick client applications from an adversary’s perspective.
  • Assisting with web application firewall (WAF) rule testing and validation.
  • Preparing clear and detailed security assessment reports for application owners and stakeholders.
  • Assisting with the onboarding of new members of the application security testing team through work shadowing and knowledge transfer sessions.
  • Supporting the identification of controls to remediate and/or mitigate identified security weaknesses in systems, applications, processes and procedures.
  • Ensuring that testing is conducted in accordance with regulatory frameworks and compliance requirements.
  • Supporting the consistent use of group and industry standard test methodologies, standards and tools (including metrics).

About You

Experience and Skills required for this role

  • Bachelor’s Degree with minimum 5 years of job-related experience.
  • Professional hands-on experience in vulnerability assessment and penetration testing activities, especially for web, mobile and thick client applications.
  • In-depth knowledge of secure software development lifecycle (SDLC) and OWASP resources.
  • Experience with the OWASP Top 10 and SANS CWE Top 25.
  • Proficient in conducting manual application penetration testing.
  • Excellent understanding of WAFs and bypass techniques.
  • Experience in conducting manual application security code reviews.
  • Experience with static application security testing (SAST) tools like SonarQube, Fortify, Checkmarx, etc.
  • Experience with dynamic application security testing (DAST) tools like Burp Suite Enterprise, Invicti, Acunetix, etc.
  • Experience in conducting mobile application security testing for Android and iOS platforms.
  • Excellent presentation skills to be able to offer consulting or assistance to developers and IT teams.
  • Ability to meet project deadlines with excellent project handling skills.
  • Experience in preparing detailed reports and briefs for various stakeholders.
  • Hands-on experience with at least one programming language from PHP, ASP.NET, Java, Python, JavaScript.
  • Proficiency in application security testing tools and frameworks such as OWASP ZAP, Burp Suite, Frida, Objection, etc.
  • Understanding of national and international laws, regulations, policies, and ethics related to vulnerability assessment and penetration testing.

Certifications (preferred)

BSCP, OSCP, OSWE, OSED, OSEP, eMAPT, eWPT, GWAPT, GPEN, GXPN and GCPN
