Job Description

ob Summary

:


We are seeking a skilled and detail-oriented Security Tester with 2-4 years of experience in Web Application Security Testing and Secure Code Review. The candidate will be responsible for identifying vulnerabilities in web applications through manual and automated testing, reviewing source code for security flaws, and collaborating with development teams to ensure secure software delivery.

Key Responsibilities

:


Conduct manual and automated security testing of web applications based on OWASP Top 10 vulnerability exploits in the application and CVE Database Vulnerabilities. Perform secure code reviews and manually validate the malicious code to identify vulnerabilities such as injection flaws, insecure deserialization, and improper error handling. Identify and validate issues related to OWASP Top 10, SANS CWE, and other common vulnerability categories. Perform Software composition analysis. Require expertise in Kali linux, NMAP, Metasploit, etc. Required expertise in OWASP API top 10 categories and Mobile security assessment. Require Use tools like Burp Suite, OWASP ZAP, SonarQube, Checkmarx, or Fortify, Postman, Soap UI for testing and code analysis. Collaborate with developers to remediate vulnerabilities and promote secure coding practices. Document findings with technical details, risk ratings, and remediation recommendations. Participate in threat modeling, design reviews, and security architecture discussions. Stay updated on emerging web security threats, vulnerability trends, and secure development methodologies. Capability of developing automated scripts for performing or validating OWASP attacks.
Required Skills & Qualifications:


Bachelor's degree in Computer Science, Information Security, or related field. 2-4 years of experience in web application security testing and secure code review. Strong understanding of web technologies (HTML, JavaScript, HTTP/S, REST APIs). Proficiency in source code analysis for languages like Java, .NET, Python, JavaScript. Familiarity with CI/CD pipelines and integrating security into SDLC. Experience with static and dynamic analysis tools. Excellent analytical, communication, and documentation skills.
Certificate: CEH (Certified Ethical Hacker)