Application Security Penetration Tester

Role Overview

We are seeking an experienced Application Security Penetration Tester with a strong foundation in software development. The ideal candidate will possess handson experience performing security assessments validating vulnerabilities and collaborating with engineering teams to improve application security posture. This role requires a mix of technical penetration testing expertise secure coding knowledge and the ability to automate and integrate security controls into CI/CD pipelines.

Key Responsibilities

Application & Security Testing

• Schedule and perform routine application security tests.
• Conduct penetration tests on critical applications systems and APIs.
• Perform predeployment security testing on code changes.
• Execute SAST DAST SCA testing and validate security vulnerabilities.
• Use tools such as Fortify Burp Suite AppScan Checkmarx Veracode etc.
• Conduct vulnerability assessments and communicate findings with technical clarity.

Development & Code Review

• Perform secure code reviews to identify security weaknesses and duplicate code patterns.
• Collaborate with development teams to provide remediation guidance.
• Leverage development experience in .NET Java JavaScript Python etc. to understand and identify code-level vulnerabilities.

Automation & DevSecOps

• Automate security scans and integrate them into CI/CD pipelines (Jenkins GitHub Actions etc.).
• Enhance threat modeling and improve asset management processes.
• Maintain dashboards and provide regular reporting on vulnerability status.

Collaboration & Incident Support

• Present findings and recommendations to stakeholders.
• Work with engineering teams to embed security best practices.
• Support incident response teams with deep application-level expertise.
• Participate in red team purple team and penetration testing exercises.

Required Technical Skills

Security Expertise

• Strong understanding of internet architecture web technologies and security models.
• Hands-on experience with:
  • SAST DAST SCA
  • OWASP Top 10 & common vulnerability patterns
  • API security testing (JSON REST APIs)
• Ability to manually verify and exploit vulnerabilities.

Programming & Development

• Proficient in:
  • .NET ( 4.5) C C Java Python
  • JavaScript technologies ( ReactJS)
• 1-3 years of web development experience in:
  • HTML ASP ColdFusion JSP React
• Strong understanding of OOP concepts.

DevOps & CI/CD

• Experience with:
  • Jenkins
  • Git / GitHub
  • Pipeline security integrations

Database & Cloud Knowledge

• Familiarity with relational databases:
  • SQL Server MySQL
• Ability to write and interpret SQL queries.
• Basic knowledge of Microsoft Azure.

Core Competencies

• Strong analytical and problemsolving skills.
• Ability to communicate security issues effectively to technical and nontechnical audiences.
• Strong documentation and reporting abilities.
• Ability to work independently and collaboratively across teams.