Security Testing Lead
Comviva
Gurugram, Haryana, India
6-8 years
Not Disclosed
Full time
01 May 2026
Top Skills:
Agile, AI, API, Application Security, Architecture, Authentication, Authorization, Burp, CI/CD Pipeline, Classification, Cloud, Cloud Security, Code Review, Compliance, Cryptography, Data Protection, Data Validation, DevOps, DevSecOps, Encryption, GitLab, Infrastructure Security, iOS, Jenkins, JWT, Kubernetes, Linux, Metasploit, Mobile Security, MySQL, Nessus, Networking, OAuth, Packet Analyzer, Penetration Testing, PostgreSQL, QA, Root Cause Analysis, Scrum, SDLC, Secure Coding, Security Testing, SQL, STLC, TCP/IP, tcpdump, TLS, Vulnerability, Vulnerability Assessment, Wireshark

Job Description
Key Accountabilities

  • Plan, design, and execute security testing strategies for Web, Mobile (Android/iOS), and API-based applications.
  • Perform manual and automated security testing, including vulnerability assessment and penetration testing (VAPT).
  • Identify, analyze, and report security vulnerabilities across application, network, and infrastructure layers.
  • Conduct OWASP Top 10 based assessments for Web and Mobile applications.
  • Perform secure code reviews and collaborate with development teams to remediate vulnerabilities.
  • Design and maintain reusable security test frameworks and scripts.
  • Execute API security testing covering authentication, authorization, data validation, and rate limiting.
  • Integrate security testing into CI/CD pipelines (DevSecOps) using Jenkins, GitLab, and related tools.
  • Perform mobile security testing for Android and iOS including reverse engineering, certificate pinning validation, and secure storage checks.
  • Conduct network-level testing using packet analyzers and traffic inspection tools.
  • Validate encryption mechanisms, secure communications (TLS/SSL), and data protection practices.
  • Provide detailed vulnerability reports with risk classification, remediation guidance, and verification results.
  • Collaborate with QA, Development, DevOps, and Architecture teams to embed security early in SDLC (shift-left security).
  • Support production security incidents and root cause analysis when required.
  • Evaluate and recommend security tools and frameworks.
  • Apply modern approaches such as AI-assisted vulnerability detection and intelligent security analytics.
  • Guide and mentor team members on secure development and testing best practices.
  • Stay updated on evolving security threats, compliance requirements, and industry standards.
  • Interact with customers/clients as needed to address security findings and remediation status.

Mandatory Skills

  • Bachelor’s degree in Engineering (B.E / B.Tech) or MCA.
  • 6–8 years of experience in Application Security Testing.
  • Strong hands-on experience with security testing tools such as:
      • Burp Suite
      • OWASP ZAP
      • MobSF
      • Metasploit
      • Nessus / Qualys (or equivalent)
  • Solid experience in Web, Mobile (Android/iOS), and API security testing.
  • Strong understanding of OWASP Top 10 (Web & Mobile) vulnerabilities.
  • Experience performing penetration testing and vulnerability assessments.
  • Hands-on experience with API security testing (OAuth, JWT, authentication, authorization).
  • Knowledge of secure coding practices and ability to perform basic code reviews.
  • Proficiency in Linux environments.
  • Strong understanding of networking concepts and protocols (HTTP/S, TCP/IP).
  • Experience with packet analysis tools such as TCPDUMP / Wireshark.
  • Working knowledge of SQL databases (Oracle/MySQL/PostgreSQL).
  • Experience integrating security testing into CI/CD pipelines (Jenkins, GitLab).
  • Knowledge of SDLC, STLC, and secure SDLC practices.
  • Exposure to cloud security concepts and common cloud vulnerabilities.
  • Familiarity with cryptography fundamentals (encryption, hashing, certificates).

Desirable Skills

  • Security certifications such as CEH, OSCP, GWAPT, or equivalent.
  • Experience with AI-driven security testing tools for vulnerability discovery and prioritization.
  • Knowledge of DevSecOps practices and Infrastructure Security.
  • Exposure to container and Kubernetes security.
  • Experience with compliance frameworks (ISO 27001, SOC2, PCI DSS – good to have).
  • Familiarity with SAST/DAST tools.
  • Experience working in Agile/Scrum environments.