Job Description
Key Responsibilities
Conduct manual and automated penetration testing of web applications, APIs, and related infrastructure.
Identify, document, and exploit security vulnerabilities such as SQL injection, cross-site scripting (XSS), authentication flaws, and business logic issues.
Perform source code reviews to identify security flaws in web applications.
Use industry-standard tools such as Burp Suite, OWASP ZAP, Metasploit, Nmap, Kali Linux, and SAST/DAST tools.
Develop and execute custom scripts and exploits to validate security weaknesses.
Collaborate with development and DevSecOps teams to provide secure coding recommendations and remediation guidance.
Generate detailed reports with findings, risk assessments, and actionable remediation steps for technical and non-technical stakeholders.
Stay up to date with the latest web security trends, vulnerabilities, and attack techniques.
Perform retesting of vulnerabilities after remediation efforts.
Assist in threat modeling and risk assessments for web applications.
Tools & Technologies
The candidate should be proficient in using the following tools and technologies for web application penetration testing:
Web Application Security Testing Tools:
Burp Suite (Pro & Community)
WebInspect
Network & Reconnaissance Tools:
Nmap
Masscan
Amass
Subfinder / Assetfinder
Shodan / Censys
Exploitation & Attack Tools:
SQLmap (SQL injection testing)
Metasploit Framework
Scripting & Automation:
Python / Bash / PowerShell
JavaScript (for DOM-based attacks and exploitation)
Postman / REST API testing tools
Code Analysis & Debugging:
Source Code Review (Java, .NET, Python, JavaScript, etc.)
Static Analysis Tools (SAST): SonarQube, Snyk, Fortify
Dynamic Analysis Tools (DAST): Acunetix
Cloud & Container Security:
AWS Security Tools (Pacu, ScoutSuite, Prowler)
Docker Security Testing (Trivy, Dockle)
Kubernetes Security Testing (Kube-hunter, Kube-bench)
Qualifications & Skills
Technical Skills:
Deep understanding of OWASP Top 10 vulnerabilities and web security principles.
Proficiency in protocols, authentication mechanisms, session management, and API security.
Experience with scripting (Python, Bash, PowerShell, JavaScript) for automation and exploit development.
Familiarity with Cloud Security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a plus.
Knowledge of Secure Software Development Life Cycle (SDLC) practices.
Certifications (Preferred but Not Required):
OSCP (Offensive Security Certified Professional)
GWAPT (GIAC Web Application Penetration Tester)
CPT (Certified Penetration Tester)
CEH (Certified Ethical Hacker)
Experience & Education:
Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
2-5 years of experience in web application security, penetration testing, or ethical hacking.