Penetration Tester (AppSec)
Kirtane & Pandit
3 - 5 years
Mumbai
Posted: 08/01/2026
Job Description
Working Location: Mumbai
Profile: Penetration Tester (AppSec)
Practice Area of Function: Cyber Security
Working Days: 5 days a week
Work Mode: On Site
Role Purpose
Profile: Penetration Tester (AppSec)
Key Responsibilities:
Conduct source code reviews and vulnerability assessment and penetration
testing (VAPT) of web applications, mobile applications, and APIs.
Utilize various tools and techniques to identify vulnerabilities, including
automated as well as manual testing.
Create detailed reports with remediation recommendations.
Collaborate with client development teams to ensure vulnerabilities are properly
addressed and remediated.
Communicate the business risk to senior management in easy-to-understand
language.
Stay informed about new threats, vulnerabilities, and security controls to
protect against them.
Skills Required:
Familiar with common network and application layer protocols
and security best practices.
Strong understanding of web application, API, and mobile application security.
Proficiency and hands-on experience in their vulnerability assessment and
penetration testing (VAPT).
Testing methodology aligned with OWASP security testing guides.
Manual penetration testing skills and techniques in addition to automated tools and
frameworks.
Hands-on experience with tools: Kali Linux, Checkmarx/Veracode/Semgrep,
Metasploit, Burp Suite, ZAP, Postman, SQLMap, MobSF, JADX, Frida,
Objection, Drozer, and other standard VAPT tools.
Ability to write Python, Shell, and PowerShell scripts for automation.
Excellent analytical and communication skills.
Qualifications:
B.E./B.Tech. in Computer Science or specialisation in Cyber Security.
3-5 years of experience in AppSec.
eWPT/Xv2, BSCP, CAPen/X,
