Perform web application security assessments including VAPT (DAST, SAST, SCA). Identify and remediate vulnerabilities such as OWASP Top 10, SQL Injection, XSS, CSRF, SSRF, IDOR, and authentication flaws. Conduct manual and automated security testing of web applications and APIs. Review application architecture, design, and source code for security weaknesses. Integrate security testing into CI/CD pipelines and DevSecOps practices. Work closely with development and DevOps teams to implement secure coding practices. Validate remediation of security findings and provide risk‑based recommendations.
Support compliance and audit requirements (ISO 27001, SOC 2, PCI DSS, GDPR). Prepare detailed security assessment reports and present findings to stakeholders. Stay updated with emerging application security threats, tools, and techniques.
- 5+ years of experience in Web Application Security / Application Security Testing.
- Strong understanding of OWASP Top 10, OWASP ASVS, and secure coding standards.
- Hands‑on experience with security testing tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, Veracode, Acunetix, Netsparker.
- Experience in API security testing (REST, SOAP, GraphQL).
- Good understanding of web technologies: HTTP/S, HTML, JavaScript, JSON, XML.
- Familiarity with at least one programming language (Java, .NET, Python, JavaScript).
- Knowledge of authentication mechanisms (OAuth 2.0, JWT, SAML).
- Experience working in Agile and DevOps environments.
- CEH
- GWAPT / GWEB
- CSSLP