
ACG Infotech - Applications Security Consultant

Posted on: 01/12/2025

Job Description

We are looking for an experienced Application Security Consultant / Ethical Hacker on a contract to secure our ERP and HIS applications and prepare them for rigorous client-side penetration testing and WASA (Web Application Security Assessment) compliance.

Key Responsibilities :


- Conduct in-depth manual VAPT for ERP, HIS, APIs, and backend services.

- Simulate real-world attacks: SQL Injection, XSS, CSRF, authentication bypass, access control flaws, API abuse, session attacks, and more.

- Perform and document a complete WASA assessment.

- Identify logical and business-flow vulnerabilities beyond automated tools.

- Guide internal developers on remediation and secure coding practices.

- Re-test and validate fixes; prepare final audit-ready security reports.

- Implement best-practice security hardening for servers, databases, and APIs.

Must-Have Skills :


- 5-10 years in Application Security / Ethical Hacking.

- Strong expertise in manual exploitation & secure remediation.

- Deep knowledge of OWASP Top 10, SANS 25, API Security Top 10, Secure SDLC.

- Hands-on experience with Burp Suite Pro, ZAP, Metasploit, Nmap, SAST/DAST tools.

- Experience preparing software for third-party audits & WASA certification.

Preferred Certifications :


- OSCP / OSWE (highly preferred)

- CEH, CREST, GPEN

What We Offer :


- Opportunity to work on large-scale ERP & HIS platforms.

- Full support from our internal tech teams for quick remediation cycles.

