hirist

Application Security Engineer - Penetration Testing

CODERS BRAIN TECHNOLOGY PRIVATE LIMITED
Multiple Locations
4 - 8 Years

Posted on: 10/08/2025

Job Description

We're Hiring : WebPTP1 - Consultant


Location : Bangalore/Pune


Experience : 4-8 Years

Salary : As per market standard

Employment Type : Full-Time

Joining : Immediate


About the Role :


We are seeking a skilled Application Security Engineer / Penetration Tester to perform both automated and manual security testing on applications, APIs, and networks. You will work closely with cross-functional teams to uncover vulnerabilities, perform risk assessments, and recommend effective remediation strategies.


Key Responsibilities :

- Perform automated security testing of running applications and static code (SAST, DAST)

- Conduct manual penetration testing on :
  • Web applications
  • Internal applications
  • APIs
  • Internal & external networks
  • Mobile applications
- Utilize industry-leading tools such as AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, and Kali Linux

- Identify and explain vulnerabilities like IDOR, Second-Order SQL Injection, CSRF - including root cause analysis and remediation strategies

- Collaborate with technical and non-technical stakeholders to report findings and lead remediation discussions

- Stay updated with emerging tools, techniques, and security trends to plug-and-play as needed for client projects


Requirements :


Mandatory Skills :


- 3+ years of experience using security testing tools (AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent)


- 3+ years of manual penetration testing & secure code review for web apps, mobile apps, and APIs


- Strong communication skills with both technical & non-technical audiences

- Ability to identify, adopt, and integrate new tools/technologies as required


Preferred Skills :

- 1+ year experience in developing web applications and/or APIs

- Familiarity with application architecture and business logic analysis

- Certifications like GWAPT, CREST, OSCP, OSWE, OSWA (preferred but not mandatory)


Why Join Us?


- Work on cutting-edge security projects across industries

- Collaborate with skilled cybersecurity professionals

- Competitive salary & benefits

- Continuous learning & upskilling opportunities

