Experience Required :

- 2-3 years of hands-on experience in web application, mobile application, source code review, and network penetration testing

- Strong experience in manual security testing, including SAST and DAST

Key Responsibilities :

- Perform penetration testing across web applications, mobile applications, and network infrastructure throughout different Software Development Life Cycle (SDLC) phases

- Identify, exploit, and report security vulnerabilities including business logic flaws, OWASP Top 10 issues, and generic attack vectors

- Conduct manual penetration testing for web and mobile applications, along with manual and automated source code reviews and analysis

- Collaborate closely with development and product teams to identify, validate, and mitigate security issues

- Manage security testing tasks and vulnerability reporting using tools such as Jira (knowledge of Jira is a plus)

Technical Skills & Tools :

- Proficiency in tools such as Burp Suite Professional, Postman, MobSF, Frida, and Nessus (experience with custom or self-developed tools is a plus)

- Knowledge of programming languages and frameworks such as PHP and JavaScript, including JavaScript frameworks (React, Node.js, etc.), is a plus

- Strong skills in manual and automated source code analysis, familiarity with SAST tools is a plus

Additional Experience (Good to Have) :

- Experience in bug bounty hunting, CVE discovery or contribution

- Security research, responsible disclosures, or public write-ups

Certifications (Good to Have, but Not Mandatory) :

- CEH, BSCP, GWAPT, CREST, HTB-CWES, HTB-CPTS